Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/yaml-master/Gen Agent Trust Hub

yaml-master

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it proactively ingests and analyzes untrusted YAML files to generate outputs and suggested validation commands.
  • Ingestion points: Content is read from .yaml and .yml files in the workspace using Read, Glob, and Grep tools (SKILL.md).
  • Boundary markers: Absent. There are no specific instructions or delimiters to distinguish the skill's instructions from potentially malicious content within the processed files.
  • Capability inventory: The skill utilizes file modification tools (Write, Edit) and is intended to facilitate the execution of shell commands (Bash) for validation purposes.
  • Sanitization: Absent. The skill does not implement input validation or escaping mechanisms to prevent data from external files from influencing agent behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 5, 2026, 04:30 AM