releasing-agentfiles

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE (flags: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled bash script at .skills/releasing-agentfiles/scripts/process-avatar.sh and uses standard system CLI tools such as ImageMagick (magick/convert), sips, and git to automate directory creation, image padding, and repository commits.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it processes untrusted user-contributed agent files.
  • Ingestion points: User-provided .af files (JSON) and avatar images enter the agent context via file system reads.
  • Boundary markers: Absent from the README generation instructions, though the skill directs the agent to follow established project guidelines.
  • Capability inventory: Script execution (bash), subprocess calls to image utilities and git, and local file system write access.
  • Sanitization: The skill explicitly instructs the agent to manually verify that contributed .af files contain no sensitive data such as API keys or personal information, which mitigates common risks associated with untrusted data ingestion.
  • [SAFE]: The skill is authored by the platform vendor (letta-ai) and manages resources within the official vendor repository. No suspicious network activity, unauthorized file access, or remote code execution from untrusted sources was detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 08:25 AM