knowledge-graph
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by parsing and displaying content from markdown files without sanitization. If an agent processes the script's output containing malicious instructions from these files, it may follow them.
- Ingestion points: Markdown files located in the target directory are parsed by resources/graph.sh.
- Boundary markers: Findings are presented with plain text headers but lack delimiters or warnings to ignore embedded instructions.
- Capability inventory: The skill uses find, grep, and awk via shell execution, and the agent typically has broad environment access.
- Sanitization: The script does not escape or validate extracted strings like entity names or YAML values.
- [COMMAND_EXECUTION]: The skill executes a local bash script resources/graph.sh to perform file system discovery and text processing.
Audit Metadata