Skills
skills/pluginagentmarketplace/custom-plugin-bash-shell/shell-tools/Gen Agent Trust Hub

shell-tools

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill's documentation and scripts are benign and do not contain malicious patterns or obfuscation.
  • [COMMAND_EXECUTION]: Guidance is provided for using standard Unix utilities like jq, xargs, and parallel. These tools are legitimate and intended for the skill's primary purpose of data processing.
  • [EXTERNAL_DOWNLOADS]: Demonstration of data ingestion using curl from api.example.com is used neutrally for educational purposes.
  • [PROMPT_INJECTION]: The processing of external data via shell tools creates an indirect prompt injection surface.
  • Ingestion points: API data fetched via curl and file inputs as described in SKILL.md.
  • Boundary markers: None are explicitly included in the pipeline examples provided.
  • Capability inventory: Significant command execution capabilities are available through the documented shell tools.
  • Sanitization: Structural parsing with jq is demonstrated, but no content-level sanitization is provided for data interpreted by the LLM.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 03:19 AM