oc-toolsmith
Warn
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to manage and run project-specific tools via the 'oc toolbox' CLI. This involves executing arbitrary shell commands and scripts (Python, Bash, or Node.js) that are generated dynamically during the agent's operation.
- [PROMPT_INJECTION]: The skill exhibits vulnerabilities related to indirect prompt injection.
- Ingestion points: Untrusted data enters the context through task requirements that guide the 'oc-toolsmith' in authoring new scripts.
- Boundary markers: There are no specified delimiters or instructions to treat task data as untrusted content, increasing the risk that instructions embedded in the data could influence script generation.
- Capability inventory: The skill possesses 'Bash', 'Read', and 'Write' capabilities, allowing it to modify files and execute shell commands with the output of its generated scripts.
- Sanitization: No sanitization or validation logic is defined for inputs that are interpolated into script source code or command-line arguments like '--flags' and '--selftest'.
Audit Metadata