tool-inventory
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses 'Electric Fence' constraints in SKILL.md and the enforcement policy to override default agent behavior, explicitly forbidding the use of standard filesystem tools (grep, find) in favor of the skill's specific semantic search registry.\n- [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The scripts 'manage_tool_inventory.py' and 'generate_tools_manifest.py' ingest content from untrusted files in the 'plugins/' directory to extract docstrings and purposes. This data is used to populate the tool registry and summarized by an LLM distiller, creating an opportunity for malicious instructions inside script files to influence agent actions during tool discovery. Ingestion points: 'scripts/manage_tool_inventory.py' (extract_docstring) and 'scripts/generate_tools_manifest.py' (extract_purpose). Boundary markers: Absent. Capability inventory: File modifications ('standardize_header') and subprocess execution. Sanitization: Absent.\n- [COMMAND_EXECUTION]: The 'manage_tool_inventory.py' script executes other local scripts such as 'distiller.py' and 'cleanup_cache.py' via 'subprocess.run' and performs automated file system writes to standardize headers in detected scripts.
Audit Metadata