skills-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The taxonomy describes a keyword-based categorization system that processes metadata from other skills (untrusted data). An attacker could craft a malicious skill description to manipulate the manager's classification and bypass protection levels.
  - Ingestion points: `references/skills_taxonomy.md` (via the `categorize_skill` pseudo-code logic).
  - Boundary markers: Absent; no delimiters or warnings for embedded instructions are specified in the classification framework.
  - Capability inventory: `config/skills-manager-config.yml` enables significant capabilities including file deletion, merging, archiving, and automated Git commits.
  - Sanitization: No sanitization or validation of metadata keywords is mentioned in the algorithm description.
- [Dynamic Execution] (LOW): The `test_skill_loading` setting in `config/skills-manager-config.yml` implies the system validates skills by attempting to load or import them. This presents a risk of executing untrusted code if a malicious skill is present in the managed directory.
Audit Metadata