install-docs-deps

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill interpolates the $ARGUMENTS variable directly into the natural language instructions. Without boundary markers or escaping, a malicious user could provide input designed to override the agent's logic or bypass safety constraints.
  • [COMMAND_EXECUTION]: The skill executes a Python script (install_deps.py) using a relative path (../pdf-factory/scripts/) that points outside the skill's own directory. This introduces a dependency on the host's file system structure and could be exploited if the target directory is attacker-controlled.
  • [COMMAND_EXECUTION]: The instructions recommend using the --break-system-packages flag with pip. This bypasses environment protections and allows modifications to the system's global Python environment, which can lead to software conflicts or system instability.
  • [PROMPT_INJECTION]: Indirect prompt injection surface analysis:
      ◦ Ingestion points: User-supplied input via $ARGUMENTS in SKILL.md.
      ◦ Boundary markers: Absent; input is interpolated directly into the instruction flow.
      ◦ Capability inventory: Shell command execution (Bash), local script execution, and package installation.
      ◦ Sanitization: None identified for the user-supplied arguments.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 10:15 PM