bash
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- [COMMAND_EXECUTION] (SAFE): While the skill mentions tools like 'Bash' and 'ShellCheck', it provides these as examples of commands the user should run or patterns to include in scripts. It does not contain any autonomous command execution or hidden scripts.
- [PROMPT_INJECTION] (SAFE): The 'FILE OPERATION CHECKPOINT' is a behavioral instruction (guardrail) rather than a malicious attempt to bypass safety filters. It uses natural instructional language to ensure the agent applies the skill's best practices before editing shell files.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to process external content (editing .sh files). While this is an attack surface, the skill specifically mandates safety practices like variable quoting and ShellCheck, which are defensive measures against script-based injections.
- [DATA_EXFILTRATION] (SAFE): No network operations or sensitive file access patterns detected. The skill explicitly advises against storing secrets in scripts.
Audit Metadata