skill-inventory-auditor

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements a workflow to delete directories and files using rm -rf and rm. These are high-impact operations that can lead to permanent data loss if the target paths are incorrect or if the agent is manipulated into selecting wrong targets.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
      • Ingestion points: Metadata (name and description) is parsed from SKILL.md files across multiple directories in scripts/scan_inventory.py.
      • Boundary markers: The skill lacks boundary markers to isolate untrusted skill descriptions when they are presented to the agent in Phase 2.
      • Capability inventory: The skill can execute shell commands (rm, rm -rf) as defined in the SKILL.md workflow.
      • Sanitization: No sanitization or validation of the ingested metadata is performed before it is presented to the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 13, 2026, 06:03 PM