Skills
skills/333-333-333/iris/skill-sync/Gen Agent Trust Hub

skill-sync

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local bash script (assets/sync.sh) to update project documentation. This is the core functionality and is used to manage the project structure.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads metadata from all skill files and injects them into AGENTS.md files which guide agent behavior.
  • Ingestion points: Metadata fields (scope, auto_invoke) from any file matching the pattern skills/*/SKILL.md.
  • Boundary markers: None. The content is inserted directly into markdown tables without delimiters warning the agent about external content.
  • Capability inventory: The skill uses the Bash tool to modify AGENTS.md files throughout the repository root and subdirectories.
  • Sanitization: The sync script performs basic whitespace trimming but does not validate or sanitize the content for embedded instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 02:57 AM