doc-command

Warn

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute the shell command tms help <command>. Because the command name is taken from user input without validation, an attacker could use shell metacharacters to execute unauthorized commands on the host.
  • [PROMPT_INJECTION]: The skill reads external content from Pascal source files and Markdown documentation, which creates a risk of indirect prompt injection if those files contain malicious instructions.
  • [PROMPT_INJECTION]: Evidence Chain:
      1. Ingestion points: tms/src/Commands/ and doc/source/reference/ (identified in SKILL.md).
      2. Boundary markers: None identified in SKILL.md.
      3. Capability inventory: Shell command execution (tms help) and file system writes (identified in SKILL.md).
      4. Sanitization: No sanitization steps for ingested file content are described in SKILL.md.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 20, 2026, 04:59 AM