comet-build
Warn
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage environment state, git branches, and project-specific build operations.\n- [REMOTE_CODE_EXECUTION]: The skill dynamically locates and sources an environment script (
comet-env.sh) by searching through the current directory and several hidden folders in the user's home directory (e.g.,$HOME/.*/skills,$HOME/.config,$HOME/.gemini). Sourcing and executing scripts from paths discovered at runtime is a dangerous pattern that can lead to arbitrary code execution if malicious files are present in the search paths.\n- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by ingesting and following instructions from external plan files and task lists.\n - Ingestion points: Reads feature plans from
docs/superpowers/plans/and task lists fromtasks.md.\n - Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands within the ingested data.\n
- Capability inventory: Full shell access, git repository management, and the ability to load and execute other agent skills.\n
- Sanitization: No evidence of validation or sanitization of the content within the plan or task files before processing.
Audit Metadata