skill-manage

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses powerful shell commands to manage files, specifically rm -rf for uninstallation and unzip for installation. While these are restricted to the ~/.claude/skills/ and project directories, they represent a significant capability for modifying the agent's environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it extracts and displays text from the description and SKILL.md files of other installed skills.
      • Ingestion points: The scripts/list_skills.sh script and SKILL.md workflow read content from other skills' SKILL.md files using sed and cat.
      • Boundary markers: No specific delimiters or instructions are used to tell the agent to ignore embedded instructions within the processed skill descriptions.
      • Capability inventory: The agent has the ability to execute file operations (rm, cp, unzip, ls) and read file contents across the local filesystem.
      • Sanitization: The script uses basic string manipulation (sed, cut, tr) to extract metadata but does not perform any sanitization to prevent the interpretation of malicious instructions contained within those fields.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 9, 2026, 11:41 PM