agent-sop-author
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local validation script (validate-sop.sh) to verify the structure of markdown files. This script is a vendor-provided utility that uses standard command-line tools like grep for pattern matching and does not perform any network, persistence, or privileged operations.
- [PROMPT_INJECTION]: The skill ingests user-provided text to generate and update .sop.md files, creating a surface for indirect prompt injection.
- Ingestion points: User input is used to define SOP objectives, parameters, and step descriptions in agent-sops/*.sop.md files.
- Boundary markers: The skill relies on markdown headers (e.g., ## Overview, ## Steps) to delimit sections, but does not implement specific isolation delimiters for the user-provided content.
- Capability inventory: The skill utilizes file system write operations and executes a local bash-based structural validator.
- Sanitization: No sanitization or filtering is performed on user inputs, as the output is treated as descriptive text for documentation purposes rather than executable code.
Audit Metadata