skill-hide

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file contains 'Mandatory Rules' (强制规则) that dictate how the AI should handle specific keywords and when it must confirm actions. These instructions are intended to override the agent's default decision-making process for the duration of the skill's use.
  • [COMMAND_EXECUTION]: The skill executes Python scripts that perform file system operations such as renaming files and listing directory contents. Evidence: scripts/hide_skill.py and scripts/unhide_skill.py use os.rename and os.listdir to manage file states.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting untrusted directory paths and skill names without adequate sanitization or boundary markers.
    1. Ingestion points: User-provided directory paths via the --folder argument in scripts/hide_skill.py, scripts/unhide_skill.py, and scripts/config_manager.py.
    2. Boundary markers: Absent; no delimiters are used to wrap or isolate user-provided paths from the command logic.
    3. Capability inventory: The skill has the ability to list all files in a directory using os.listdir and rename files using os.rename.
    4. Sanitization: Absent; the normalize_path function only converts slashes and does not validate against path traversal or restrict access to safe directories.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 06:52 PM