graph-search

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The instruction for running the query script (python3 ... --query "<term>") directly interpolates the user-provided search term into a bash command. This presents a command injection risk if the user input includes shell metacharacters like backticks, semicolons, or dollar signs.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes user input that controls the parameters of a command execution.
      ◦ Ingestion points: User-provided search term captured in the <term> placeholder in SKILL.md.
      ◦ Boundary markers: Absent; the skill does not instruct the agent to use delimiters or ignore instructions within the input.
      ◦ Capability inventory: Subprocess execution via a bash call to a Python script.
      ◦ Sanitization: Absent; there are no instructions for the agent to escape or sanitize the input before command interpolation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 13, 2026, 11:26 PM