integrate-skill
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the `openskills read` command to retrieve content from external skills. This is a core part of its intended functionality for documentation integration.
- [COMMAND_EXECUTION]: The skill provides templates for the agent to recommend and execute package installation commands (`npm install`, `pnpm add`, `yarn add`) to satisfy dependencies found within integrated skills.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests content from external sources which could contain malicious instructions or deceptive code patterns.
  - Ingestion points: External data enters the context via the `openskills read <skill-name>` command in `SKILL.md`.
  - Boundary markers: The skill does not provide delimiters or instructions to the agent to treat the ingested skill content as potentially untrusted or to ignore any embedded instructions within that content.
  - Capability inventory: The skill possesses the capability to write files to the local `.trellis/` directory and suggests the installation of software packages via standard package managers.
  - Sanitization: There is no evidence of content validation, filtering, or escaping for the data retrieved from external skills before it is processed into guidelines or examples.
Audit Metadata