config-reader
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill reads configuration data from local files (.agents.yml and .agents.local.yml). If these files are sourced from an untrusted repository or modified via a malicious pull request, they could contain embedded instructions designed to manipulate the agent's logic when it retrieves these values.
  - Ingestion points: The scripts/config_reader.sh script reads data directly from .agents.yml and .agents.local.yml.
  - Boundary markers: Absent. There are no instructions or delimiters used to warn the agent that the configuration values might contain untrusted natural language instructions.
  - Capability inventory: The skill executes a local shell script that uses yq to parse YAML; the resulting values are then used by the agent to determine its tech stack, workflow, or task management behavior.
  - Sanitization: No sanitization or validation is performed on the values retrieved from the YAML files before they are returned to the agent's context.