explore-knowledge
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and synthesizes data from documentation files (docs/*.md) that could be influenced by external actors (e.g., via pull requests or other skills).
  1. Ingestion points: The skill reads file content and frontmatter from the docs/ directory using Read and Grep operations.
  2. Boundary markers: The instructions do not specify any delimiters or ignore-instructions for the interpolated doc content.
  3. Capability inventory: The skill utilizes Grep, Glob, and Read capabilities.
  4. Sanitization: No sanitization or escaping is mentioned for the content retrieved from documents before it is synthesized into an answer.
- [COMMAND_EXECUTION]: The skill instructions involve passing user-provided keywords and node slugs directly to search tools such as grep and glob. Evidence: Instructions in SKILL.md to 'Grep docs/ for keywords from the question' and 'grep docs/ for [[target-slug]]'. If the agent implementation executes these via a shell without proper sanitization, this could lead to command injection.
Audit Metadata