deploy
Fail
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: HIGH
Finding: COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to run a shell script with unquoted, user-provided arguments: ./scripts/sync_to_docs.sh $ARGUMENTS. Because the user's text is substituted into the command line as-is and the whole line is then handed to the shell, this is a classic command injection. The skill has the Bash tool allowed, so a user who controls the argument string can include shell metacharacters (such as ;, &&, |, $(...) or backticks) and run arbitrary commands on the host with the same privileges as the agent.
- [DATA_EXPOSURE]: The skill itself only synchronizes local files, but the command injection in Step 1 can be used to read and exfiltrate any sensitive files the agent can reach in its environment.
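The following is an added example, not code from the audited skill or from its sync_to_docs.sh (which is not shown on this page). It reproduces the unsafe substitution in a POSIX sh function and contrasts it with quoted argument passing and an allowlist check. The stub script, the attacker string and the allowed character set are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the audited skill. It reproduces the unsafe
# pattern flagged above (a user string substituted into a shell command line)
# and contrasts it with argument passing that cannot be injected.
# sync_to_docs.sh itself is not on this page, so a stand-in that only echoes
# its argv is constructed here.

set -u

# Stand-in for ./scripts/sync_to_docs.sh: prints each argv element, bracketed,
# so the boundary between arguments is visible.
sync_to_docs_stub() {
    for a in "$@"; do
        printf 'sync arg: [%s]\n' "$a"
    done
}

# VULNERABLE: the skill text "./scripts/sync_to_docs.sh $ARGUMENTS" is filled
# in with the raw user string and the whole line is handed to the shell. Any
# ';', '&&', '|', '$(...)' or backticks in that string are parsed as syntax.
vulnerable_invoke() {
    user_args="$1"
    eval "sync_to_docs_stub $user_args"
}

# SAFE (1): keep the user string as one argv element. Quoting "$user_args"
# means the shell never re-parses its contents; the script gets it verbatim.
safe_invoke() {
    user_args="$1"
    sync_to_docs_stub "$user_args"
}

# SAFE (2): additionally allow only characters a docs path can contain.
# Returns 0 when the argument is acceptable, 1 otherwise. The character set is
# an assumption; tighten it to whatever the real script actually expects.
validate_args() {
    case "$1" in
        '' | *[!A-Za-z0-9._/-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed attacker input: a plausible path followed by an injected command.
ATTACK='docs/site; echo INJECTED'

echo '--- vulnerable: the injected echo runs ---'
vulnerable_invoke "$ATTACK"
echo '--- safe: the whole string arrives as one argument ---'
safe_invoke "$ATTACK"
echo '--- validated: the string is rejected before any shell call ---'
if validate_args "$ATTACK"; then
    safe_invoke "$ATTACK"
else
    echo 'rejected: argument contains characters outside the allowlist'
fi
```

The quoting fix alone stops the shell from re-parsing the string, but the script still receives attacker-chosen text; the allowlist check is what keeps unexpected content from reaching it at all.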
Recommendations
- AI detected serious security threats: the skill passes user-controlled text unquoted into a shell command. Do not run it as-is; $ARGUMENTS should be passed to the script as a single quoted argument and validated against an allowlist before any shell invocation.
Audit Metadata