skill-capture
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes a local script 'scripts/package_skill.py' with dynamic arguments. This script is not provided in the skill package, preventing a safety review of its operations.
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8).
  1. Ingestion points: Extracts data from the conversation history (untrusted input).
  2. Boundary markers: None are present to delimit user data from generated instructions.
  3. Capability inventory: The agent can write new SKILL.md and plugin.json files and execute shell commands via the validation script.
  4. Sanitization: None. The skill only removes project-specific names but does not inspect the extracted content for malicious prompt injection instructions, which can be persisted and later executed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata