reviewing-skills
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a workflow for reading and analyzing external SKILL.md files, which creates a surface for indirect prompt injection attacks.
- Ingestion points: The agent is instructed to read the full content of target SKILL.md files from the filesystem.
- Boundary markers: The instructions do not define any delimiters or provide guidance to treat the imported file content as untrusted data rather than agent instructions.
- Capability inventory: The skill prompts the agent to perform analysis, generate reports, and interactively apply 'fixes' or improvements to files.
- Sanitization: There is no mechanism described for validating, filtering, or sanitizing the content of the files before the agent processes them.
Audit Metadata