understand-chat

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: User-supplied query strings are directly interpolated into shell commands. Specifically, the instructions direct the agent to 'use Grep to search... for the user's query keywords: "$ARGUMENTS"'. This pattern is vulnerable to shell command injection (e.g., using semicolons or pipes) if the underlying agent platform executes these as raw shell commands without sanitization.
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface by processing untrusted data extracted from the codebase.
      • Ingestion points: The skill reads from .understand-anything/knowledge-graph.json (SKILL.md).
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore embedded commands within the graph data.
      • Capability inventory: The skill utilizes grep and read tools to process the file and provides the resulting summaries and node data to the agent context.
      • Sanitization: No sanitization or validation of the graph content is performed before the agent processes it to answer user queries.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 25, 2026, 12:02 PM