self-audit
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Python scripts such as scripts/inventory_plugin.py and scripts/assert_audit.py using relative path references (../../../) that target directories multiple levels above the skill's own root. It also uses the Bash tool to run dependency management commands like pip-compile and pip install.
- [DATA_EXFILTRATION]: The skill utilizes path traversal patterns (../../) to reference and read files located outside its designated directory, including repository-level documentation, requirements files, and test fixtures.
- [PROMPT_INJECTION]: The skill functions by ingesting and analyzing external plugin code, which presents a surface for indirect prompt injection attacks.
- Ingestion points: The agent is instructed to read and analyze files within the plugins/ and tests/ directories, including a fixture specifically described as 'flawed'.
- Boundary markers: There are no boundary markers or explicit instructions to the agent to disregard instructions contained within the analyzed files.
- Capability inventory: The agent retains access to powerful tools including Bash (shell execution), Read (file system access), and Write while processing untrusted plugin data.
- Sanitization: No sanitization or validation logic is specified to handle potentially malicious content within the analyzed fixtures.
Audit Metadata