Command Development
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides extensive documentation and examples for using the Bash tool to execute system commands (e.g., git, npm, kubectl) to gather context or perform actions during command execution. These are documented as standard patterns for building custom workflows.
- [PROMPT_INJECTION]: The skill explicitly instructs the agent on how to interpret and execute prompts defined in Markdown files. This includes using directive-based language specifically designed for the agent's consumption when a slash command is triggered.
- [EXTERNAL_DOWNLOADS]: In the marketplace considerations reference, the skill guides users on checking for and installing well-known technology dependencies (Git, Node.js, jq) from their official sources to ensure command compatibility.
- [DATA_EXPOSURE]: The skill explains the usage of the file reference syntax (@) to include local file contents in the agent's context. It identifies this as an attack surface and provides best practices for validating file paths and handling missing files.
- [DYNAMIC_EXECUTION]: Documentation is provided for creating workflows that generate and execute local scripts or maintain state in local files (.local.md) to manage complex multi-step processes.
Audit Metadata