agent-capability-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill relies on the `level` package from the official NPM registry to manage its internal capability database.
- [COMMAND_EXECUTION]: Utilizes local Node.js scripts (`populate-agent-descriptions.mjs` and `update-agent-map.mjs`) to automate the extraction of agent metadata and the management of the audit store.
- [DATA_EXFILTRATION]: Aggregates agent frontmatter descriptions and self-identified capability profiles from various project and user directories into a central JSON file (`.claude/audits/agent-map.json`) to facilitate functional analysis.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it processes untrusted metadata (frontmatter and sub-agent responses).
  - Ingestion points: Metadata is ingested from agent `.md` files in `populate-agent-descriptions.mjs` and from sub-agent responses in `update-agent-map.mjs`.
  - Boundary markers: The skill uses XML tags to structure sub-agent data collection, but does not implement explicit "ignore embedded instructions" warnings for the final analysis phase.
  - Capability inventory: The workflow involves spawning autonomous sub-agents and executing shell commands based on the collected data.
  - Sanitization: The skill performs basic parsing but does not sanitize ingested text for potential prompt injection payloads before processing.
Audit Metadata