yaml-config-validator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (HIGH): This skill is designed to ingest and validate external YAML content (untrusted data) while possessing write and execution capabilities (Bash, Write, Edit). This combination allows for high-severity indirect prompt injection where malicious configurations could trigger unauthorized system commands. Ingestion points: External YAML files processed via Read tool. Boundary markers: None present. Capability inventory: Bash, Write, Edit, Read, Grep. Sanitization: None described.
- [Command Execution] (MEDIUM): The skill explicitly requests access to the Bash tool. Without accompanying code to audit how commands are constructed, there is a risk that untrusted YAML data could be interpolated directly into shell commands.
- [Metadata Poisoning] (LOW): The skill uses auto-activation triggers that could lead to the agent assuming high-privilege tool access for any request mentioning yaml validation, increasing the potential for accidental misuse.
Recommendations
- AI detected serious security threats
Audit Metadata