doc-command
Warn
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute the shell command
tms help <command>. Because the command name is taken from user input without validation, an attacker could use shell metacharacters to execute unauthorized commands on the host. - [PROMPT_INJECTION]: The skill reads external content from Pascal source files and Markdown documentation, which creates a risk of indirect prompt injection if those files contain malicious instructions.
- [PROMPT_INJECTION]: Evidence Chain: 1. Ingestion points:
tms/src/Commands/anddoc/source/reference/(identified in SKILL.md). 2. Boundary markers: None identified in SKILL.md. 3. Capability inventory: Shell command execution (tms help) and file system writes (identified in SKILL.md). 4. Sanitization: No sanitization steps for ingested file content are described in SKILL.md.
Audit Metadata