cancel
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run shell commands using input directly from the user, which constitutes a command injection vulnerability surface.\n
- Evidence: The instructions in
SKILL.mdguide the agent to executeouroboros cancel execution <execution_id>, where<execution_id>is provided by the user and directly interpolated into the command line.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) by failing to sanitize user-provided parameters used in high-privilege shell operations.\n - Ingestion points: User-provided
execution_idand--reasonvalues inSKILL.md.\n - Boundary markers: Absent; the instructions do not specify any delimiters or warnings to treat the user input as literal data.\n
- Capability inventory: The skill utilizes subprocess execution via the Bash shell to perform its primary function.\n
- Sanitization: Absent; there is no logic or instruction to validate the input for shell metacharacters or command separators.
Audit Metadata