review-skill-format
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection as it ingests and processes content from untrusted SKILL.md files.
- Ingestion points: Steps 1, 2, 3, and 5 read content from 'skills//SKILL.md' using head and grep.
- Boundary markers: There are no delimiters or 'ignore embedded instructions' warnings used when reading the external files.
- Capability inventory: The skill uses shell-based file inspection tools (grep, head, wc, test) which are limited to read-only operations.
- Sanitization: No sanitization or validation of the file content is performed before processing.
- [COMMAND_EXECUTION]: The procedure includes shell command templates that directly interpolate the '' placeholder. This pattern could allow for local command injection if an attacker-controlled string containing shell metacharacters is provided as the skill name.
Audit Metadata