skill-registry
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
- Ingestion points: The skill scans and reads content from frontmatter in SKILL.md files and project convention files (e.g., .cursorrules, CLAUDE.md, agents.md) across multiple local and user-level configuration directories.
- Boundary markers: The resulting registry markdown does not employ boundary markers, delimiters, or specific instructions to treat the summarized triggers and descriptions as untrusted external content.
- Capability inventory: The skill performs filesystem writes (.atl/ directory and .gitignore modification) and invokes the mem_save tool to persist the aggregated data.
- Sanitization: There is no evidence of sanitization, escaping, or validation of the metadata extracted from external files before it is included in the final registry markdown used by the orchestrator.
Audit Metadata