yaml-master
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to automatically ingest and process untrusted YAML configuration files from the user's workspace.
  - Ingestion points: Automatically triggers on and reads .yaml and .yml files as described in SKILL.md and references/SKILL.full.md.
  - Boundary markers: The instructions do not define clear delimiters or instructions for the agent to treat file content strictly as data, increasing the risk that the agent might follow instructions embedded within a YAML file.
  - Capability inventory: The skill has access to powerful tools including Read, Write, Edit, and Bash, which could be abused if an injection is successful.
  - Sanitization: There is no explicit logic described for sanitizing or escaping the content of the YAML files before processing.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute or suggest validation commands for YAML configurations, such as kubectl or Docker Compose checks.
Audit Metadata