bash-style-guide
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in 'SKILL.md' direct the agent to execute local Python scripts, specifically 'scripts/resolve_style_guides.py' and 'scripts/validate_trigger_matrix_sync.py'. These scripts are external to the skill package, creating a dependency on the local environment and the potential for executing malicious code if an attacker can control those file paths.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its core function of processing untrusted user-provided Bash scripts and CI configuration files.
- Ingestion points: The skill triggers on and reads content from '.sh' files, files with Bash shebangs, and YAML workflow files (SKILL.md).
- Boundary markers: There are no boundary markers or explicit instructions to the agent to disregard natural language instructions embedded within the analyzed code files.
- Capability inventory: The agent is granted the capability to execute shell commands, run Python scripts, and invoke multiple linting and testing tools (SKILL.md, references/quality-gate-command-matrix.md).
- Sanitization: The skill lacks requirements for sanitizing or validating the contents of the analyzed files before they are processed by the agent or passed to external tools.
Audit Metadata