skill-debugging-assistant
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill specifies a workflow step to execute a local script.
  - Evidence: The skill instructs the user/agent to run `python3 scripts/validate_skill.py path/to/skill-folder`.
  - Risk: If the script `scripts/validate_skill.py` (which is not provided for analysis) is malicious or can be modified by an attacker, it leads to local command execution.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill's primary purpose is to ingest and analyze untrusted third-party content (other skills).
  - Ingestion points: The skill reads `SKILL.md` and other files from arbitrary `skill-folder` paths provided during debugging.
  - Boundary markers: Absent. There are no instructions to the agent on how to differentiate between the debugging instructions and the content of the skill being analyzed.
  - Capability inventory: The skill possesses command execution capabilities (via the validation script).
  - Sanitization: Absent. There is no evidence of filtering or sanitizing the content of the files being debugged.
  - Risk: A malicious skill being "debugged" could contain hidden instructions that the agent might follow instead of its debugging task.
Audit Metadata