skill-analyzer
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill contains an automated workflow that generates a shell script (
analyze_skills.sh) at runtime, applies execution permissions, and runs it to perform dependency and pattern analysis. - [CREDENTIALS_UNSAFE]: The tool is instructed to read the
.git/configfile. This is a sensitive file path that often contains authentication tokens, private repository URLs, or other developer credentials. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from the project being analyzed (e.g., source code, dependency manifests).
- Ingestion points: The skill uses
catandgrepon files likerequirements.txt,package.json, and various configuration files. - Boundary markers: There are no explicit instructions or delimiters used to prevent the AI from interpreting instructions contained within these files.
- Capability inventory: The skill has the ability to execute shell commands and write files to the local system.
- Sanitization: No sanitization or validation is performed on the content of the analyzed files before they are incorporated into the agent's context.
Audit Metadata