alignfirst-coaching

Fail

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: HIGH

Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/alignfirst-agent.mjs uses spawnSync to execute the claude CLI. It dynamically constructs command-line arguments using input from the --message, --protocol, and --ticket flags, which creates a surface for command manipulation.
  • [COMMAND_EXECUTION]: The script includes logic to bypass user confirmation for the underlying agent. If the ALIGNFIRST_AGENT_SKIP_PERMISSIONS environment variable is set, the script executes claude with the --dangerously-skip-permissions flag, allowing the agent to perform potentially destructive operations without human oversight.
  • [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by acting as a conduit for user messages to an underlying AI agent. The wrapper script passes raw, unsanitized user input directly to the claude agent, which may then execute instructions contained within that message.
  • [DATA_EXFILTRATION]: The script captures and logs all inputs and agent outputs to a directory specified by the ALIGNFIRST_AGENT_LOG_DIR environment variable. This practice results in the plain-text exposure of user messages, project details, and agent findings on the local file system.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 16, 2026, 06:34 AM