skill-standardization
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple Python scripts (convert_skills.py, remove_duplicates.py, final_cleanup.py) and provides Python code snippets for file manipulation that the agent is expected to run.
- [REMOTE_CODE_EXECUTION]: The skill references and instructs the agent to run scripts located in a scripts/ directory that were not provided in the analyzed content, preventing a full security audit of the logic being executed. Referencing and executing unprovided local code constitutes a security risk.
- [PROMPT_INJECTION]: The skill processes SKILL.md files, which are untrusted external data. This creates a surface for indirect prompt injection, where malicious instructions inside the target files could attempt to influence the agent's actions during the standardization process.
- Ingestion points: The skill reads content from SKILL.md files in the repository.
- Boundary markers: No delimiters or "ignore instructions" warnings are used when processing the untrusted file content.
- Capability inventory: The agent is granted capabilities to execute Python scripts, use Bash, and perform file write/edit operations.
- Sanitization: No evidence of sanitization, validation, or escaping of the file content is present before it is processed.
Audit Metadata