data-upload-java-cli
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill specifies a hardcoded absolute path to a Java binary at `/Users/elliottleonard/Documents/Cursor/CLI/domoutil.jar`. Executing binaries from user-specific home directories is a security risk as it bypasses standard environment configurations and creates a dependency on a path that could be targeted for local privilege escalation or binary hijacking.
- [COMMAND_EXECUTION]: The provided Python and Shell scripts dynamically assemble multi-line command strings by concatenating user-provided or environment-derived data (e.g., `friendly_name = csv_file.replace(...)`) and piping them to a subprocess. This pattern is vulnerable to command injection if the input data (such as filenames in a processed directory) is maliciously crafted.
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by consuming untrusted external CSV data to automate schema derivation and dataset generation.
  - Ingestion points: The skill reads external CSV files via `derive-schema -d /path/to/data.csv` and `upload-dataset -f /path/to/data.csv` in `SKILL.md`.
  - Boundary markers: Absent. There are no delimiters or instructions to the agent to disregard potentially malicious content embedded within the CSV files.
  - Capability inventory: The skill possesses the capability to execute shell commands via `subprocess.run` and perform network operations using the Domo API.
  - Sanitization: Absent. There is no evidence of validation or sanitization of the CSV content before it is processed by the CLI tool or the Python script logic.
Audit Metadata