sh-style-guide
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to utilize external Python scripts (scripts/resolve_style_guides.py and scripts/validate_trigger_matrix_sync.py) for logic and validation. These are vendor-owned resources but are not provided in the skill package for security verification.
- [DATA_EXFILTRATION]: A quick-start snippet (run_curl) demonstrates passing an API_TOKEN via a Bearer header to a variable URL. This pattern risks credential leakage if the URL variable is populated from untrusted or external sources.
- [COMMAND_EXECUTION]: The guide includes examples using eval and dynamic command execution ($@) within a retry loop. While the skill advises caution for eval, these patterns are inherently risky if inputs are not strictly sanitized.
- [PROMPT_INJECTION]: Indirect Prompt Injection Analysis:
  1. Ingestion points: The skill processes user-provided .sh files, shebang lines, and CI workflow configurations.
  2. Boundary markers: No delimiters are specified to distinguish between the skill's instructions and the untrusted shell code being analyzed.
  3. Capability inventory: The skill encompasses capabilities for network requests (curl), file system manipulation (rm -rf, mktemp), and signal trapping.
  4. Sanitization: The skill does not provide automated sanitization logic, instead relying on the instruction to 'Validate all external input before using it in commands'.
Audit Metadata