skill-dependency-mapper
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill processes metadata (names, descriptions, tags) from other skills in the environment. This ingestion point is a surface for indirect prompt injection where malicious metadata in another skill could influence agent behavior. Evidence: (1) Ingestion points:
analyzer.scan_skills()reads files in /mnt/skills. (2) Boundary markers: Absent. (3) Capability inventory: Python execution of local scripts and filesystem writes to /tmp. (4) Sanitization: Absent. - [COMMAND_EXECUTION] (SAFE): The skill executes its own internal Python scripts (
analyze_skills.py,detect_bottlenecks.py) as part of its core workflow. This is standard behavior for a diagnostic tool and does not involve remote code execution or suspicious commands.
Audit Metadata