tool-search

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's general operations are safe. It performs local tool discovery using standard Node.js modules and does not engage in network communication or unauthorized file access.
  • [SAFE]: Analysis of the indirect prompt injection surface (Category 8):
      ◦ Ingestion points: The query parameter in scripts/main.cjs receives untrusted input from the agent during tool discovery searches.
      ◦ Boundary markers: Absent. The skill tokenizes the raw input without delimiting it, though the resulting matches are returned as structured JSON, which limits injection into the agent context.
      ◦ Capability inventory: The skill is restricted to reading the local .claude/config/tool-manifest.json file using the fs module to retrieve tool metadata.
      ◦ Sanitization: Input is processed via the whitelist-based tokenization regex /[^a-z0-9_:-]+/ in scripts/main.cjs, which splits the query into lowercase alphanumeric tokens and discards special characters, limiting the scope for embedded malicious instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 8, 2026, 11:59 PM