skill-comparison
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in `SKILL.md` direct the agent to execute shell commands like `cat` and `python scripts/fetch_skill.py` to retrieve data from local or remote sources. While intended for skill comparison, this capability could be abused if the agent is directed to access sensitive files.
- [EXTERNAL_DOWNLOADS]: The `scripts/fetch_skill.py` utility uses `urllib.request` to download content from arbitrary URLs provided by the user, which can lead to the ingestion of malicious data.
- [PROMPT_INJECTION]: The skill's core function is to analyze untrusted content from external sources, making it vulnerable to indirect prompt injection.
  - Ingestion points: Data enters the agent context through URLs and local file paths processed by `scripts/fetch_skill.py` and `cat` in `SKILL.md`.
  - Boundary markers: There are no delimiters or instructions to ignore embedded commands within the fetched content.
  - Capability inventory: The skill can execute shell commands (`cat`) and Python scripts (`scripts/fetch_skill.py`) to access the filesystem as described in `SKILL.md`.
  - Sanitization: The skill performs no sanitization, escaping, or validation of the external content before it is processed by the agent.
Audit Metadata