skills/boshu2/agentops/inject/Gen Agent Trust Hub

inject

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect prompt injection surface detected.
      • Ingestion points: Data enters the agent context from files within .agents/learnings/, .agents/patterns/, .agents/research/, and .agents/retros/ (referenced in SKILL.md).
      • Boundary markers: Absent. The skill summarizes and injects content directly into the session context without visible delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill utilizes the ao inject CLI tool and standard shell commands (ls, head) to retrieve and process local artifacts.
      • Sanitization: Absent. There is no evidence of escaping or filtering content retrieved from the knowledge pools before it is presented to the agent.
  • COMMAND_EXECUTION (LOW): The skill executes local CLI tools and shell scripts for knowledge retrieval and validation.
      • Evidence: SKILL.md documents execution of ao inject --apply-decay and ls -lt for context retrieval.
      • Evidence: scripts/validate.sh uses bash -c to run validation checks on the skill's structure, though the commands are statically defined.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:14 PM