agents-analyze
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill employs dynamic context injection (the '!' syntax) to execute filesystem discovery commands at load time. These commands ('find') are used to populate the agent's context with the current project structure. This behavior is used for reconnaissance purposes and does not target sensitive system directories or perform unauthorized network operations.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection vulnerabilities due to its primary function of reading and analyzing content from other skill and agent files.
- Ingestion points: The skill instructions direct the agent to read 'SKILL.md' and agent markdown files throughout the repository to perform its analysis.
- Boundary markers: There are no explicit instructions or delimiters defined to separate the data being analyzed from the agent's core instructions, nor are there warnings to ignore embedded instructions in those files.
- Capability inventory: The skill has the capability to write or modify files via 'TodoWrite' and execute limited shell commands using 'Bash'.
- Sanitization: No validation, escaping, or sanitization processes are mentioned for the content ingested from the external files before it is processed by the model.
Audit Metadata