skills/tianyili/skills/skill-judge/Gen Agent Trust Hub

skill-judge

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and process user-provided SKILL.md files for evaluation, creating a surface for indirect prompt injection where malicious instructions embedded in the evaluated content could attempt to influence the agent's behavior.
      • Ingestion points: File content located at user-specified paths (e.g., SKILL.md and referenced files).
      • Boundary markers: Absent. The skill lacks explicit delimiters or instructions to treat the analyzed content as untrusted data.
      • Capability inventory: Text analysis, scoring, and report generation using the agent's default toolset.
      • Sanitization: Absent. No validation or filtering is performed on the ingested markdown content before processing.
  • [SAFE]: No hardcoded credentials, malicious persistence mechanisms, or unauthorized network operations were detected. All shell commands and scripts (e.g., pandoc, grep, python) are presented as illustrative examples in markdown code blocks rather than executable commands for the skill itself.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 08:59 AM