skill-validator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill exhibits a significant attack surface for indirect injection because it is designed to ingest and modify local files based on user-provided input.
  - Ingestion points: validate_python.py and validate_yaml.py accept arbitrary file paths via command-line arguments.
  - Boundary markers: No delimiters or 'ignore instructions' warnings are present; the skill treats all file content as valid data for analysis and transformation.
  - Capability inventory: The skill utilizes Path.write_text to modify and overwrite files on the filesystem, including injecting new code blocks.
  - Sanitization: The tool lacks path validation or sandboxing, meaning it does not verify if a path is within the intended skill workspace before performing read/write operations.
- [Command Execution] (MEDIUM): The 'auto-fix' logic automatically performs writes to the host filesystem. If an agent is directed to 'fix' a sensitive system file (e.g., .bashrc, .ssh/config, or environment files), the skill will inject Python docstrings or boilerplate functions, potentially corrupting the file or disabling system services.
Recommendations
- AI detected serious security threats