antv-skills-maintainer
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its automated metadata synchronization logic.
  - Ingestion points: Metadata (name and description) is ingested from all SKILL.md files located within the skills/ directory.
  - Boundary markers: No protective delimiters or instructions are used to separate the ingested metadata from the surrounding structure of the target files.
  - Capability inventory: The skill possesses the capability to modify core repository files, specifically README.md and .claude-plugin/marketplace.json.
  - Sanitization: The skill lacks any mechanism for sanitizing, escaping, or validating the ingested strings before they are interpolated into the target configuration and documentation files.
Audit Metadata