agent-registry
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The install.sh script attempts to install the questionary Python package using pip3. This is a well-known library used for the skill's interactive migration interface.
- [COMMAND_EXECUTION]: The installer script (install.sh) and migration script (scripts/init_registry.py) execute commands to manage directories and move agent files. This includes using mkdir, cp, and Python's shutil.move to organize files within the user's home directory.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and displays the contents of Markdown files (agents) without sanitization.
  - Ingestion points: scripts/init_registry.py scans ~/.claude/agents/ and scripts/get_agent.py reads migrated agent files.
  - Boundary markers: scripts/get_agent.py includes visual boundary markers when outputting agent content to the agent's context.
  - Capability inventory: The skill can read, write, and move local files, and install Python packages.
  - Sanitization: There is no evidence of sanitization or filtering applied to the content of processed Markdown files before they are presented to the agent.
Audit Metadata