ito-skill

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script (validate-metadata.py) with arguments (--name and --description) sourced from user input. This creates a risk of shell command injection if shell metacharacters provided by a user are not properly escaped by the agent during command construction.
      • Evidence: SKILL.md directs execution of python3 .claude/skills/ito-skill/scripts/validate-metadata.py --name "[name]" --description "[description]".
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes the contents of potentially untrusted skill files in its 'review' and 'edit' modes.
      • Ingestion points: Existing files in .claude/skills//, including SKILL.md, references/, assets/, and scripts/*.
      • Boundary markers: Absent; no delimiters are used to separate ingested content from the agent's instructions.
      • Capability inventory: File system read/write access and local script execution capabilities.
      • Sanitization: No validation or sanitization of the content from processed files is performed prior to inclusion in the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 02:21 AM