agent-skill-discovery

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE (findings: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and displaying data from untrusted sources.
  • Ingestion points: Metadata is read from plugin.json, SKILL.md, and .mcp.json files located in the current repository and platform-specific directories (~/.claude, ~/.github, etc.).
  • Boundary markers: The skill workflow does not specify the use of delimiters or instructions to the LLM to ignore potentially malicious content within the metadata fields (e.g., descriptions or triggers).
  • Capability inventory: The skill utilizes Glob, Read, and ToolSearch to collect information from the filesystem.
  • Sanitization: There is no evidence of sanitization or validation of the content read from these external files before it is incorporated into the generated catalog.
  • [COMMAND_EXECUTION]: The skill reads and presents MCP server configurations, which include the command and args fields from .mcp.json. While the skill itself does not execute these commands, displaying them in the report could expose sensitive local paths or hardcoded parameters if they are present in the user's configuration.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 03:53 AM