solo-audit
Warn
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute a local script located at 'scripts/check_links.py' if it exists within the project being audited. This allows for the execution of unverified code provided by the repository owner.
- [COMMAND_EXECUTION]: The skill extensively utilizes the 'Bash' tool to perform file system searches and content inspection.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from markdown files and their metadata.
  - Ingestion points: Markdown (.md) files, YAML frontmatter, and local scripts within the audited directory.
  - Boundary markers: There are no instructions or delimiters to prevent the agent from following malicious instructions embedded within the files.
  - Capability inventory: Access to 'Bash', 'Read', 'Grep', 'Glob', and 'mcp__solograph__kb_search' tools.
  - Sanitization: The skill does not validate or filter file content before processing it or incorporating it into the audit report.
Audit Metadata