using-skillpack-maintenance

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local shell commands such as 'ls', 'find', 'cat', and 'git commit' to perform inventory checks and version control operations on plugin directories. These actions are directly related to its primary purpose of plugin maintenance and are executed within a structured workflow.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists because the skill reads and processes data from external files, such as other plugins' SKILL.md, agents, and commands.
    • Ingestion points: Data enters the context through file discovery and reading tools ('find', 'cat', 'Read', 'Grep') during the domain analysis and structure review phases.
    • Boundary markers: The skill relies on model reasoning and specific 'Behavioral Testing' scenarios defined in 'testing-skill-quality.md' to identify when a component provides incorrect or adversarial guidance, though it lacks explicit technical delimiters for external data.
    • Capability inventory: The skill has access to file modification tools ('Write', 'Edit') and shell execution ('Bash') for git operations, which are the primary capabilities that could be influenced by injected instructions.
    • Sanitization: There is no evidence of content sanitization or escaping of the ingested plugin data before it is processed by the agent, relying instead on the testing process to identify failures.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 07:44 PM