skills/pedronauck/skills/qa-report/Gen Agent Trust Hub

qa-report

Fail

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The helper function prompt_input in both scripts/create_bug_report.sh and scripts/generate_test_cases.sh utilizes the eval command to dynamically assign user-supplied strings to shell variables. The implementation eval "$var_name=\"$input\"" fails to sanitize the $input variable, enabling command injection via shell metacharacters such as ;, $(...), or backticks. An attacker or malicious input can execute arbitrary shell commands within the environment where the scripts are run.
  • [REMOTE_CODE_EXECUTION]: The procedural steps in SKILL.md (Step 4 and Step 7) explicitly instruct the agent to execute these vulnerable shell scripts. Because these scripts are designed to take input from the agent's context, which may include untrusted data from user prompts or external sources, this vulnerability facilitates arbitrary code execution in the agent's operating environment.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external sources such as Figma design specifications and user-provided feature descriptions. This creates a surface for indirect prompt injection where data entering the agent context could manipulate the agent's output or influence the execution of the vulnerable shell scripts. Ingestion points include the qa-output-path argument in SKILL.md and Figma MCP integration described in references/figma_validation.md. The capability inventory includes the execution of local shell scripts. No sanitization, validation, or boundary markers are present in the provided files to mitigate the processing of embedded instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 19, 2026, 05:43 PM
Security Audit — agent-trust-hub — qa-report