domain-classifier
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the yargs library to parse command-line arguments, specifically the --input flag which determines the target file path.
- [DATA_EXFILTRATION]: The skill reads data from the local filesystem using fs.readFileSync and safeReadFile based on the user-provided path. While no network exfiltration was detected, this provides access to local data for processing.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it ingests and processes untrusted data from files. * Ingestion points: Content from the file path provided via the --input argument. * Boundary markers: The skill lacks delimiters or instructions to ignore potential commands embedded within the file content. * Capability inventory: File system read access and integration with core classification utilities. * Sanitization: No sanitization, escaping, or validation of the file content is performed before processing.
Audit Metadata