performance-optimization
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Documentation within 'conditional-loading.md' suggests using shell commands like 'find' and 'sed -i' to perform mass modifications across markdown files in the skills directory, which could lead to unintended data modification if applied to incorrect paths.
- [DATA_EXFILTRATION]: The 'content_loader.py' and 'quick_start_generator.py' tools ingest arbitrary file paths provided as arguments. If the agent is manipulated, these tools could be used to read sensitive local files outside the scope of the skill library.
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by reading and re-displaying content from external markdown files.
  - Ingestion points: Content is read from 'SKILL.md' files via 'scripts/content_loader.py' and 'scripts/quick_start_generator.py'.
  - Boundary markers: The loader uses HTML comments like 'MORE_CONTENT' as delimiters, which are easily spoofed by malicious content within the processed files.
  - Capability inventory: The skill has access to 'Read' and 'Bash' tools and performs file write operations.
  - Sanitization: There is no evidence of content sanitization or instruction filtering for the markdown data processed by the scripts.
Audit Metadata