agent-bridge

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file contains behavioral instructions such as "You are a Universal Translator" and "you MUST invoke the installer with that specific target name" which direct the agent's logic and argument selection.
  • [COMMAND_EXECUTION]: The script install_all_plugins.py uses subprocess.run to execute the bridge_installer.py script as a separate process to perform bulk installations.
  • [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface:
    • Ingestion points: Content is read from markdown and TOML files within the plugins/ directory (bridge_installer.py, install_all_plugins.py).
    • Boundary markers: Absent. HTML comments (e.g., ) are used to organize concatenated rules but do not act as security boundaries that prevent the host agent from obeying embedded instructions.
    • Capability inventory: The skill can write files to core agent configuration directories (.claude, .gemini, .github, .agent) and execute local Python scripts.
    • Sanitization: Absent. The skill only performs simple string replacements for actor-related flags and does not sanitize or filter instructions within the content it bridges to target environments.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 08:47 AM