forbid
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bash script within `SKILL.md` that utilizes standard utilities including `jq`, `mv`, and `echo` to modify local configuration files.
- [PROMPT_INJECTION]: The skill functions as an ingestion point for user-defined strings that are later rendered as guidance to influence the agent's behavior, establishing an indirect prompt injection surface.
  - Ingestion points: User input is captured via the `ARGUMENTS` environment variable in `SKILL.md`.
  - Boundary markers: No delimiters or explicit warnings to ignore embedded instructions are used for the stored forbidden strings.
  - Capability inventory: The script in `SKILL.md` performs file system writes and state updates using `jq` and `mv`.
  - Sanitization: The implementation correctly utilizes `jq --arg` to ensure user-supplied data is treated as a literal string within the JSON structure, effectively preventing direct command or schema injection.
Audit Metadata