ajtbd-b2c-segments

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform local filesystem operations, specifically running ls .ajtbd/ and mkdir -p .ajtbd to manage a hidden directory for research persistence.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to analyze content from user-provided URLs without sufficient isolation or instruction to ignore embedded commands.
      • Ingestion points: The $ARGUMENTS variable, which accepts a product description and a website link for the agent to process.
      • Boundary markers: There are no delimiters or explicit 'ignore embedded instructions' warnings around the interpolated user data.
      • Capability inventory: The skill is granted Bash (shell access), Write (file modification), and WebSearch (network retrieval) capabilities, which could be exploited if malicious content is processed.
      • Sanitization: The prompt contains no logic for filtering, escaping, or validating the data retrieved from external sources before it is analyzed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 07:50 AM