slash-commands
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill documents a template system using $1, $2, and $ARGUMENTS to handle user input. This creates an indirect prompt injection surface where unsanitized external data could influence the agent's behavior.\n
- Ingestion points: Command arguments in slash command templates (SKILL.md).\n
- Boundary markers: Absent in provided templates.\n
- Capability inventory: Read, Write, and Bash tools are available for commands to use.\n
- Sanitization: No sanitization or validation of input arguments is demonstrated.\n- [COMMAND_EXECUTION] (LOW): The skill demonstrates how to create and execute files that run bash commands (e.g., git status) using a ! prefix. While this involves dynamic execution of generated logic, it is the documented purpose of the skill and includes examples of sandboxing capabilities through explicit allowed-tools declarations.
Audit Metadata