rate-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's primary function is to read and evaluate the contents of external markdown files.
- Ingestion points: The skill reads a user-specified file path (SKILL.md) into its context for evaluation.
- Boundary markers: There are no explicit instructions for the agent to treat the file content as data only or to ignore instructions embedded within the target file.
- Capability inventory: The skill only has the capability to read files and output a formatted markdown report. It cannot execute code, make network requests, or modify system settings.
- Sanitization: No sanitization or validation of the input file content is specified.
- Note: Because the skill lacks any dangerous tools, the impact of a successful injection is limited to producing an inaccurate rating report.
- [Data Exposure & Exfiltration] (SAFE): The skill reads local files for auditing but does not contain any instructions or tools (like curl or fetch) to send data to external servers. It does not access sensitive system paths.
- [Remote Code Execution] (SAFE): No remote scripts are downloaded or executed. The skill is entirely descriptive and instruction-based.
- [Prompt Injection] (SAFE): The instructions do not attempt to bypass safety filters, extract system prompts, or override the agent's core behavioral constraints.