janitor-precheck
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local bash script (
precheck.sh) found in the user's home directory. It accepts user-provided inputs, such as GitHub URLs or file paths, and passes them as arguments to the shell command. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It is designed to fetch and process
SKILL.mdfiles from external, untrusted sources (GitHub repositories). If a fetched file contains adversarial instructions (e.g., hidden in descriptions or metadata), the agent might follow them during the analysis phase. - Ingestion points: Fetches content from
SKILL.mdfiles via GitHub URLs or local paths provided by the user. - Boundary markers: The instructions do not define clear delimiters or use "ignore instructions" warnings when processing the external content.
- Capability inventory: The skill utilizes shell execution capabilities to run the pre-check script.
- Sanitization: There is no mention of sanitizing or validating the contents of the fetched external files before they are presented to the agent for keyword and description extraction.
Audit Metadata