shell-review
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface because it reads and analyzes potentially untrusted shell scripts from the environment.
- Ingestion points: The skill uses 'find', 'grep', and the 'Read' tool to ingest content from files with .sh extensions as seen in SKILL.md.
- Boundary markers: There are no explicit delimiters or instructions to the agent to ignore embedded instructions within the audited files.
- Capability inventory: The skill has access to 'Bash', 'Grep', and 'Read' capabilities which could be targeted by an injection attack.
- Sanitization: There is no evidence of content sanitization or filtering before the script content is processed by the agent.
- [COMMAND_EXECUTION]: The skill executes local shell commands via the 'Bash' tool for script discovery and testing. Evidence includes 'find . -name "*.sh"' and 'grep -l "^#!/"' in SKILL.md, and the execution of 'pytest' for logic validation. While these are legitimate for the skill's purpose, they represent a capability that could be abused if an indirect prompt injection occurs.
Audit Metadata