agent-tool

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface detected.
    • Ingestion points: The reason parameter in the process_refund and escalate_to_human tools (SKILL.md) accepts arbitrary user input.
    • Boundary markers: The skill does not implement boundary markers or instructions for the agent to ignore embedded commands within these fields.
    • Capability inventory: The agent is configured with high-privilege capabilities including Bash access, Write operations, and sensitive integrations with Stripe, Front, and Slack.
    • Sanitization: User input is validated as a string via zod but lacks semantic sanitization or instruction filtering.
  • [COMMAND_EXECUTION]: The skill configuration explicitly allows the Bash tool in its metadata, providing the agent with shell command execution capabilities.
  • [EXTERNAL_DOWNLOADS]: The implementation imports vendor-specific modules @skillrecordings/core and @skillrecordings/sdk to handle application logic, registry lookups, and integration client management.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 10:33 PM