skill-crafting
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted SKILL.md files through its validation scripts, creating a potential indirect prompt injection surface.
- Ingestion points: Files located at user-provided paths are read by scripts such as analyze-all.py, analyze-tokens.py, and check-char-budget.py.
- Boundary markers: The output of the analysis scripts is injected into the agent's context without clear delimiters, and without instructing the agent to disregard any instructions found inside the analyzed files.
- Capability inventory: The skill is granted permissions for the Read, Write, and Bash(python:*) tools.
- Sanitization: There is no evidence of sanitization, escaping, or filtering of the content read from files before it is processed or reported to the agent context.
- [COMMAND_EXECUTION]: The skill requires bash execution to run its internal Python scripts (e.g., python3 scripts/analyze-all.py). Although execution is restricted to the python command, this capability combined with the injection surface increases the risk profile.
Audit Metadata