Skills
skills/osovv/grace-marketplace/grace-ask/Gen Agent Trust Hub

grace-ask

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the grace CLI tool (e.g., grace module find, grace module show) to explore project architecture and retrieve module details. These commands are executed locally within the project environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its file ingestion process.
  • Ingestion points: It reads AGENTS.md and multiple XML files within the docs/ directory (SKILL.md).
  • Boundary markers: There are no explicit delimiters or instructions to ignore embedded prompts when processing these project artifacts.
  • Capability inventory: The skill is capable of reading project files and executing local CLI commands to gather information.
  • Sanitization: No sanitization or escaping of ingested content is mentioned in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 05:54 AM