integrate-skill
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external source skills in Step 1. Ingestion points: external source files (SKILL.md, references, and scripts) read from user-provided paths or repositories. Boundary markers: the workflow lacks explicit delimiters or instructions to ignore embedded agent commands in the source data. Capability inventory: the agent has capabilities for file system creation (Step 5), file deletion (Step 7), and shell execution via Git commands (Step 7). Sanitization: there is no evidence of content validation or escaping before the data is processed or delegated to other generation skills.
- [COMMAND_EXECUTION]: The skill is configured to perform file writes, modifications, and deletions, as well as version control operations. These activities are governed by a mandatory user approval gate in Step 4, which requires the user to review and confirm the integration design before any changes are applied to the workspace environment.
Audit Metadata