skill-best-practices
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (`scripts/validate-metadata.py`) to validate metadata strings such as the name and description. This execution is a functional part of the skill authoring workflow.
- [PROMPT_INJECTION]: An indirect prompt injection surface is identified in the metadata validation workflow.
  - Ingestion points: The `name` and `description` fields defined in `SKILL.md` or drafted during the process.
  - Boundary markers: No delimiters or explicit warnings are used in the command invocation to separate metadata from instructions.
  - Capability inventory: The skill has the capability to execute local scripts and read their output.
  - Sanitization: The validation script checks for character length and third-person style but does not perform sanitization for embedded prompt injection commands.
Audit Metadata