arch-flow
Fail
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The 'Auto-Detection' logic instructs the agent to run shell commands in which user input from '$ARGUMENTS' is interpolated directly into a 'grep' command string. Because the input is not sanitized or quoted, an attacker can execute arbitrary shell commands via shell metacharacters such as semicolons or backticks.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  1. Ingestion points: Data is read from files in the 'docs/' directory (sketches, specs, plans), as seen in SKILL.md.
  2. Boundary markers: None present.
  3. Capability inventory: The skill uses the Bash, Write, Read, and Edit tools within SKILL.md.
  4. Sanitization: None performed on the ingested file content.
  Malicious instructions hidden in these files could influence the agent's behavior in later pipeline stages.
- [DATA_EXFILTRATION]: The command injection vulnerability identified above can be leveraged by an attacker to exfiltrate sensitive data from the local environment to an external server.
Recommendations
- AI detected serious security threats
Audit Metadata