critique

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script recall.py using uv run. While this targets a local skill component, the command incorporates a <QUERY> placeholder constructed from user-provided context.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data (code snippets and implementation details) to perform its analysis.
  • Ingestion points: Technical decisions and code snippets extracted during the 'Context Extraction' phase (documented in SKILL.md).
  • Boundary markers: Absent. The instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the data being critiqued.
  • Capability inventory: File system write operations (saving critique reports to {{HOME_TOOL_DIR}}/critiques/).
  • Sanitization: Absent. No evidence of escaping or validation of the external content before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 09:05 AM