skill-validator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests and analyzes the content of other skills, creating a surface for indirect prompt injection. Evidence: 1. Ingestion points: Reads SKILL.md and other local files from the target skill being validated. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined for the ingested content. 3. Capability inventory: The skill is permitted to use Bash, Read, WebFetch, and WebSearch tools. 4. Sanitization: There is no mention of sanitizing or escaping the content of the skills being analyzed.
- [Command Execution] (SAFE): The skill utilizes the Bash tool to run a local Python script (python3 review-multi/scripts/validate-structure.py). This is standard and benign behavior for a validation and linting tool.
Audit Metadata