l5-red-team-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The files 'research' and 'tests' contain relative path references ('../../research' and '../../tests') that attempt to access directories outside the skill's immediate environment. While no network exfiltration is detected, this expands the file access surface beyond the expected skill scope.
- [COMMAND_EXECUTION]: The skill utilizes the 'Bash' tool and instructs the agent to 'run tools' and 'run a verification command' during the auditing process. This poses a risk if the agent attempts to execute logic based on untrusted content found within the plugins being audited.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze untrusted third-party plugin directories.
  - Ingestion points: The agent walks directory trees and reads all 'SKILL.md' files and validation scripts within target plugins (Step 1).
  - Boundary markers: The instructions do not provide delimiters or instructions to treat the ingested code as data rather than instructions.
  - Capability inventory: The skill has 'Bash', 'Read', and 'Write' permissions, which could be abused if the agent follows instructions hidden within a target plugin's files.
  - Sanitization: There is no evidence of sanitization or safety checks performed on the content of the target plugins before analysis or 'verification' execution.
Audit Metadata