skill-installer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data from external documentation files which could contain instructions designed to manipulate agent behavior.
  - Ingestion points: The `getMarketplaceSkills` function in `index.ts` (lines 112-132) reads `SKILL.md` content from paths defined in a local configuration file (`marketplace.json`).
  - Boundary markers: Absent. The parsed name and description strings are returned directly to the agent context without isolation delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill facilitates the discovery and registration of tool capabilities; malicious metadata could deceive the agent into choosing harmful tools or performing unintended actions based on deceptive descriptions.
  - Sanitization: Absent. No filtering or validation of the extracted documentation text is performed before it is presented to the LLM.
Audit Metadata