response-analyzer

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions utilize the Bash tool to execute various shell commands including npm test, find, grep, jq, wc, cat, and rm. It also references the execution of local scripts scripts/response-save.sh and scripts/response-summary.sh to handle data processing.
  • [EXTERNAL_DOWNLOADS]: The skill includes usage patterns that involve fetching data from external URLs using curl (e.g., https://api.example.com/users).
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes data from potentially untrusted sources.
      • Ingestion points: Data is ingested from command outputs, API responses, and file search results as seen in the usage patterns in SKILL.md.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided patterns.
      • Capability inventory: The skill is authorized to use Bash, Write, and Read tools, which could be exploited if malicious instructions are processed.
      • Sanitization: There is no evidence of sanitization or validation of the data before it is summarized or re-displayed to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 11:12 PM