generate-runner
Warn
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill generates shell and Node.js scripts in the `.claude/scripts/` directory and uses the `Bash` tool to apply `chmod +x` to make them executable. It also performs a basic syntax check on the generated code, which involves potential execution or linting of the dynamically created files.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by reading configuration data from untrusted project files and directly interpolating it into executable script templates.
  - Ingestion points: Reads from project manifest files such as `package.json`, `pyproject.toml`, and lock files, as well as configuration files like `.claude/runner-config.json`.
  - Boundary markers: No explicit delimiters or instructions are used to separate untrusted project data from the execution templates, leaving the generation process vulnerable to embedded instructions.
  - Capability inventory: The skill utilizes the `Write` tool to create executable files and the `Bash` tool to modify file permissions and verify script syntax.
  - Sanitization: There is no evidence of validation, escaping, or filtering of the content extracted from project files before it is injected into the runner script templates.