ecosystem-standards
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process and audit untrusted external data in the form of AI agent skill files and plugins. This role creates a vulnerability to indirect prompt injection if instructions within audited files attempt to influence the auditing agent's logic.
  - Ingestion points: Audits YAML frontmatter and markdown body of skill files (`SKILL.md`) and references (`references/*.md`).
  - Boundary markers: The protocol lacks explicit instructions to treat the audited content as inert data or to use delimiters to prevent command injection via file content.
  - Capability inventory: The skill has access to the `Bash`, `Read`, and `Write` tools.
  - Sanitization: No explicit sanitization or filtering of input file content is defined in the auditing instructions.
- [COMMAND_EXECUTION]: The skill's instructions and its L4 pattern library reference the use of CLI tools and local script execution.
  - Direct instructions suggest recommending the `skills-ref validate` command to users.
  - Pattern definitions (e.g., `delegated-constraint-verification-loop`, `local-interactive-output-viewer-loop`) involve executing local Python scripts such as `verify_config.py` and starting local servers via `preview_server.py`.
- [EXTERNAL_DOWNLOADS]: The `dynamic-specification-fetching` pattern within the skill's library recommends fetching documentation from remote sources at runtime to ensure context freshness.
  - Example target: `https://raw.githubusercontent.com/modelcontextprotocol/typescript-sdk/main/README.md` using the `WebFetch` tool.
  - Note: This is documented as a best practice for context management and uses a well-known service (GitHub), which is categorized as standard behavior.
Audit Metadata