skill-forge-convert

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to execute local Python scripts (scripts/convert_skill.py and scripts/validate_skill.py) to perform its core functions of skill analysis, conversion, and validation. These scripts operate on local files and generate new configuration outputs.
  • [PROMPT_INJECTION]: The skill's design involves ingesting and processing external skill content, creating a surface for indirect prompt injection attacks.
    • Ingestion points: The tool reads the source SKILL.md file and other skill components (scripts, config) to perform its conversion logic (SKILL.md, Step 1).
    • Boundary markers: The provided instructions do not specify any boundary markers or instructions to the agent to treat the source material as untrusted data, which could lead to the agent following instructions embedded in the files being converted.
    • Capability inventory: The skill performs file system modifications and script generation, including the creation of a multi-platform shell installer (install-multiplatform.sh), based on the data it processes (SKILL.md, Step 7).
    • Sanitization: There is no description of sanitization or validation routines to ensure the content of the source files does not include malicious payloads or prompt injection attempts that could compromise the agent's integrity.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 02:59 AM