audit-plugin

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python auditor (scripts/audit.py) and references the skills-ref CLI tool to perform structural validation of plugin directories. This is legitimate behavior for a developer tool.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of untrusted files from the target directory.
  • Ingestion points: scripts/audit.py reads the contents of README.md and SKILL.md files using f.read() and f.readlines().
  • Boundary markers: None. The raw text is read and displayed to the agent or evaluated for length and structure without isolation from instructions.
  • Capability inventory: The agent has Bash, Read, and Write permissions and is specifically instructed in SKILL.md to use these tools to 'fix compliance issues' based on the file contents.
  • Sanitization: No sanitization or instruction filtering is applied to the content of the files being audited.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 07:06 PM