async-operations

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze external code files (Svelte, JS, TS). It lacks explicit boundary markers or sanitization logic to prevent malicious instructions embedded in the comments or metadata of the processed files from influencing the agent's behavior.
      • Ingestion points: Files matching the glob pattern **/*.{svelte,js,ts} are read into the context.
      • Boundary markers: The prompt templates contain no delimiters around file content and no instruction to ignore commands embedded in it.
      • Capability inventory: The agent is granted Read, Write, and Edit tool permissions, which could be abused if an indirect injection succeeds.
      • Sanitization: There is no evidence of input validation or escaping for the content of the files being reviewed.
  • [COMMAND_EXECUTION]: The SKILL.md file defines a 'Memory Protocol' that instructs the agent to execute a local shell command (cat .claude/context/memory/learnings.md) to retrieve session state. While the command is restricted to a specific directory, this establishes a pattern of executing shell commands based on instructions in the markdown body.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 02:59 AM