knowledge-capture
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The deduplication workflow in `SKILL.md` and `reference/knowledge-capture.md` instructs the agent to run shell commands built from user-provided keywords, with no explicit sanitization of those keywords.
  - Evidence: The skill instructions specify running `grep -ri "main keyword"` and `find docs -name "*topic-keyword*"`, where the keywords are taken from user input.
  - Risk: A malicious user could supply a keyword containing shell metacharacters such as `;` or `&&`, causing unintended commands to run on the host environment.
- [PROMPT_INJECTION]: The skill processes untrusted external data in order to produce documentation, which creates an attack surface for indirect prompt injection.
  - Ingestion points: Untrusted data is ingested while capturing business rules and technical patterns, as described in the `Activation` and `Workflow` sections of `SKILL.md`.
  - Boundary markers: The skill provides no delimiters to isolate the ingested data and no instruction telling the agent to ignore instructions embedded within that data.
  - Capability inventory: The skill allows the agent to perform recursive file searches, list directory contents, and write or update files on the filesystem.
  - Sanitization: The skill does not mention input validation or sanitization for the content that is fed into its documentation templates.
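The following added example is not code from the audited skill or from the Trust Hub; it shows the failure mode behind the COMMAND_EXECUTION finding and a hardened equivalent. It assumes a `docs/` tree of markdown files under a working directory, a user-supplied keyword, and the helper names `unsafe_search`, `validate_keyword`, `safe_search` and `safe_find`, all of which are made up for this illustration. The sample documents are constructed inline.

```shell
#!/bin/sh
# Added example (not part of the audited skill). Layout, file names and
# function names below are assumptions made for this illustration.

# Constructed sample corpus: a docs/ tree under a fresh temp directory.
setup_docs() {
  root=$(mktemp -d)
  mkdir -p "$root/docs"
  printf 'Billing rule: invoices are due in 30 days.\n' > "$root/docs/billing-rules.md"
  printf 'Retry pattern: exponential backoff with jitter.\n' > "$root/docs/retry-pattern.md"
  printf '%s\n' "$root"
}

# UNSAFE: the keyword is spliced into a command string that a second shell
# re-parses, so ';', '&&', '|' or '$( )' inside the keyword become extra commands.
# (This is the shape of the pattern the finding describes, reduced to one line.)
unsafe_search() {
  ( cd "$1" && sh -c "grep -ril $2 docs" </dev/null )
}

# Allowlist check: letters, digits, spaces, '.', '_' and '-' only. This also
# rejects glob metacharacters ('*', '?', '[') that would otherwise widen the
# find -name pattern to match every file.
validate_keyword() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9._ -]+$'
}

# SAFE: the keyword is passed as a single argv word and never re-parsed by a
# shell; -e keeps a keyword beginning with '-' from being read as an option,
# and '--' ends option parsing before the search path.
safe_search() {
  validate_keyword "$2" || return 2
  grep -ril -e "$2" -- "$1/docs"
}

# SAFE: same idea for the filename search. find has no '--', but the path
# comes first and the keyword is only ever the argument of -name.
safe_find() {
  validate_keyword "$2" || return 2
  find "$1/docs" -type f -name "*$2*"
}

main() {
  root=$(setup_docs)
  echo "unsafe_search with keyword 'x; touch pwned':"
  unsafe_search "$root" 'x; touch pwned' >/dev/null 2>&1
  [ -f "$root/pwned" ] && echo "  injected command ran: $root/pwned was created"
  echo "safe_search with the same keyword:"
  safe_search "$root" 'x; touch pwned2' || echo "  rejected by allowlist (exit $?)"
  echo "safe_search for 'billing':"
  safe_search "$root" billing
  echo "safe_find for 'retry':"
  safe_find "$root" retry
  rm -rf "$root"
}

main
```

The allowlist is deliberately narrow: a keyword of `*` passes no shell metacharacter check yet turns `find -name "*keyword*"` into a match on every file, so the check is on the characters the workflow actually needs rather than on a denylist of `;` and `&&`.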
Audit Metadata