caps-format-validator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and validate external content from 'playbook.md', which establishes an indirect prompt injection surface. Maliciously crafted playbooks could attempt to influence the agent's behavior during the validation process. Evidence: 1. Ingestion: 'playbook.md' read via bash grep commands. 2. Boundary markers: None present. 3. Capability inventory: 'bash_tool', 'view'. 4. Sanitization: None.
- Command Execution (LOW): The skill utilizes the 'bash_tool' to execute local validation commands such as 'grep' and file existence checks. These operations are limited to the local workspace and are consistent with the skill's stated purpose of format verification.
Audit Metadata