roslynskills-tight
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute the 'roscli' tool or 'scripts/roscli' script via Bash or PowerShell to perform operations such as symbol renaming, navigation, and code diagnostics. This includes the use of a 'query.batch' command which dynamically dispatches multiple sub-commands from a JSON-formatted input string.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the ingestion and processing of untrusted content from the repository.
  - Ingestion points: Source code, project files, and search results are read into the agent's context through commands like 'nav.find_symbol', 'ctx.search_text', and 'analyze' calls.
  - Boundary markers: The skill does not define explicit delimiters or 'ignore' instructions to prevent the agent from accidentally following instructions that might be embedded within the processed repository files.
  - Capability inventory: The agent has the capability to execute shell commands via 'Bash' and modify the filesystem using the 'Edit' and 'Write' tools based on the output of its analysis.
  - Sanitization: There is no evidence of sanitization or validation of repository content before it is interpolated into prompts or used to guide agent actions.
Audit Metadata