inspecting-skills

Warn

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Dynamic loading and execution of Python modules from calculated file system paths via importlib.
  • [COMMAND_EXECUTION]: Modification of sys.path using sys.path.insert(0, ...) which can lead to import hijacking if the search path is compromised.
  • [COMMAND_EXECUTION]: Implementation of a custom importlib.abc.MetaPathFinder (SkillImportFinder) to intercept and redirect module imports at runtime.
  • [PROMPT_INJECTION]: Risk of indirect prompt injection where malicious instructions embedded in the docstrings or comments of indexed skills could influence agent behavior. Ingestion occurs in index_skill (scripts/index.py), which reads external Python files without boundary markers or sanitization, while the agent maintains the capability to execute such code via skill_import (scripts/skill_imports.py).
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 7, 2026, 04:35 AM