skills/q00/openclip/oc-toolsmith/Gen Agent Trust Hub

oc-toolsmith

Warn

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to manage and run project-specific tools via the 'oc toolbox' CLI. This involves executing arbitrary shell commands and scripts (Python, Bash, or Node.js) that are generated dynamically during the agent's operation.
  • [PROMPT_INJECTION]: The skill exhibits vulnerabilities related to indirect prompt injection.
  • Ingestion points: Untrusted data enters the context through task requirements that guide the 'oc-toolsmith' in authoring new scripts.
  • Boundary markers: There are no specified delimiters or instructions to treat task data as untrusted content, increasing the risk that instructions embedded in the data could influence script generation.
  • Capability inventory: The skill possesses 'Bash', 'Read', and 'Write' capabilities, allowing it to modify files and execute shell commands with the output of its generated scripts.
  • Sanitization: No sanitization or validation logic is defined for inputs that are interpolated into script source code or command-line arguments like '--flags' and '--selftest'.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 6, 2026, 03:47 AM
Security Audit — agent-trust-hub — oc-toolsmith