validate-skill-functionality
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill contains an Indirect Prompt Injection surface because its primary purpose is to ingest and follow logic from external SKILL.md files and conversation tool calls. This could lead to an agent following instructions hidden in the data it is supposed to validate. • Ingestion points: SKILL.md files, conversation tool call history, and referenced files in references/ or scripts/. • Boundary markers: None specified; there are no instructions to use delimiters or ignore embedded commands. • Capability inventory: Read and script execution (nexus-loader.py, bulk-complete.py). • Sanitization: None described.
- COMMAND_EXECUTION (LOW): The workflow involves reviewing or initiating script execution through nexus-loader.py and bulk-complete.py using dynamic parameters. While these appear to be internal tools, there is a risk of argument manipulation if skill names are taken from untrusted user input or conversation history. This finding is downgraded from MEDIUM because it is central to the skill's primary validation purpose.
Audit Metadata