Getting Started with Skills
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The SKILL.md file contains directive instructions using 'YOU MUST', 'Don't rationalize', and 'Critical Rules' which attempt to override the agent's default decision-making process and enforce rigid compliance with external skill files.
- [COMMAND_EXECUTION]: The skill-run script implements a generic execution primitive that allows the agent to run any executable file residing within the skills directory tree by using the exec command.
- [COMMAND_EXECUTION]: The find-skills script utilizes shell utilities like find and grep to search through skill files on the local filesystem based on potentially unvalidated patterns provided to the script.
- [PROMPT_INJECTION]: Analysis of the Indirect Prompt Injection surface within the skill framework:
  - Ingestion points: Data enters the system context when the agent reads SKILL.md files discovered by the find-skills tool or specified via file paths.
  - Boundary markers: There are no identified boundary markers or instructions to ignore embedded commands; instructions explicitly command the agent to 'Follow it exactly' and read the 'ENTIRE file'.
  - Capability inventory: The skill includes tools for searching the filesystem (find-skills), executing scripts (skill-run), and managing persistent tasks (TodoWrite).
  - Sanitization: No validation, sanitization, or filtering of the content within the processed skill files is performed before the agent is instructed to act upon them.
Audit Metadata