skill-scanner
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a bundled Python script (scripts/scan_skill.py) and perform directory listings (ls) and searches (grep) to audit other skills.
- [PROMPT_INJECTION]: The skill functions by ingesting and analyzing untrusted content from third-party agent skills, which presents an indirect prompt injection surface.
  1. Ingestion points: Path to the target skill directory provided by the user.
  2. Boundary markers: Not explicitly defined in the instructions for the agent.
  3. Capability inventory: Includes file system read operations (ls, cat, grep) and execution of bundled scripts via uv run.
  4. Sanitization: The process relies on the agent's internal evaluation and a manual human-in-the-loop review workflow to identify malicious intent.
Audit Metadata