tentacle-skills-washing
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references installation scripts for well-known and trusted development tools including Astral (uv), Bun, and Homebrew from their official domains. These references are part of the environment setup documentation for users.
- [COMMAND_EXECUTION]: The agent is instructed to use package managers such as `bun` and `uv` to manage dependencies and execute scripts within the target skill's directory.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it reads and adapts instructions from external, potentially untrusted skills.
  * Ingestion points: The agent reads `SKILL.md`, `AGENTS.md`, and source code from a user-provided `skill_path`.
  * Boundary markers: The protocol lacks explicit markers or 'ignore' instructions to isolate untrusted data from the agent's logic.
  * Capability inventory: The agent can perform file system operations and execute shell commands (`bun`, `uv`).
  * Sanitization: There is no evidence of sanitization or validation of the content found within the files being adapted.
Audit Metadata