project-skill-scripts
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and parses content from multiple SKILL.md files across the project to identify script-creation patterns.
  - Ingestion points: The Read tool is used in Step 2 to ingest content from arbitrary SKILL.md files found in the filesystem.
  - Boundary markers: No delimiters or specific instructions are provided to the agent to ignore potentially malicious directives embedded within the analyzed files.
  - Capability inventory: The skill has the ability to Write new shell scripts, Edit existing documentation, and execute commands via Bash.
  - Sanitization: No sanitization or validation of the input SKILL.md content is performed before it is used to generate executable scripts.
- [COMMAND_EXECUTION]: The skill executes a local analysis script (${CLAUDE_PLUGIN_ROOT}/.../analyze-skills.sh) and uses the Bash tool to perform directory creation and file mode changes.
- [COMMAND_EXECUTION]: The skill is granted broad permissions to modify file modes (chmod *) through the Bash tool, which could be misused if the agent is manipulated via malicious input.
Audit Metadata