validate-package
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a Python script via the Bash tool using the $ARGUMENTS variable directly within a shell command string. While the variable is double-quoted, this pattern relies on the underlying platform's sanitization to prevent command injection if the input contains shell metacharacters.
- [COMMAND_EXECUTION]: The skill attempts to execute a script located at ${SKILL_ROOT}/../athena-package/scripts/validate_athena_package.py. This uses a relative path to access a directory outside of the skill's own root directory.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted external data (.athena packages) and is instructed to report results based on error messages produced by that data.
  - Ingestion points: Processes external files or directories provided via the $ARGUMENTS path.
  - Boundary markers: No boundary markers or 'ignore' instructions are used when interpreting the output of the validation script.
  - Capability inventory: The skill has access to the Bash tool, allowing for arbitrary command execution if the agent is manipulated.
  - Sanitization: No sanitization or validation of the script's output is performed before the agent processes and reports it to the user.
Audit Metadata