sc-explain
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted code or content provided in the `target` argument.
  - Ingestion points: The `target` parameter in `SKILL.md` allows the agent to read files or system behavior.
  - Boundary markers: The instructions do not include delimiters or specific commands to treat the analyzed content as data only, which could lead the agent to follow instructions embedded in the analyzed code.
  - Capability inventory: The skill leverages tools including `Read`, `Grep`, and `Bash` for analysis.
  - Sanitization: No sanitization or validation of the input content is specified before processing.
- [Command Execution] (SAFE): The skill utilizes `Bash` for runtime behavior analysis. This is a powerful capability, but it is necessary for and limited to the skill's primary purpose of explaining system behavior.
Audit Metadata