skill-grader
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and evaluate untrusted files (markdown, scripts, and metadata) from a user-specified path. It lacks explicit instructions to treat the analyzed content as untrusted data or to ignore embedded instructions that might attempt to hijack the agent's behavior.
- Ingestion points: The skill reads all files within a provided skill directory, including
SKILL.md, references, and scripts. - Capability inventory: The agent uses
Read,Grep, andGlobtools to analyze the content of the target folder. - Boundary markers: No explicit delimiters (e.g., XML tags or triple quotes) are defined to separate the skill's instructions from the data being audited.
- Sanitization: No sanitization, filtering, or validation is performed on the audited content before it is processed by the agent.
Audit Metadata