chatbot-analytics

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill requests broad permissions for Bash(npm:*,npx:*), enabling the agent to execute arbitrary npm commands or npx packages. This presents a risk of executing untrusted code if the agent's instructions are subverted.
  • [PROMPT_INJECTION]: Indirect prompt injection surface:
      • Ingestion points: The skill processes AIResponseMetadata flags and AnalyticsAlert configurations derived from external sources or model outputs in the deriveCategory and alerting logic.
      • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the ingested metadata flags to prevent logic subversion.
      • Capability inventory: The skill is granted high-privilege tools including Bash(npm:*,npx:*), Write, and Edit, allowing file modification and arbitrary script execution.
      • Sanitization: The implementation patterns for handling metadata and alerts include no validation or sanitization steps to ensure inputs do not contain instructions that could influence the agent's behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 01:07 PM