cms-detect

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted project files without defined safety boundaries.
      • Ingestion points: Uses Read, Grep, Glob, and Bash to scan project files like sitecore.json, .csproj, and appsettings.json.
      • Boundary markers: Absent; the instructions do not specify delimiters or provide warnings to ignore embedded instructions within scanned content.
      • Capability inventory: The skill allows access to Bash, Read, Grep, and Glob tools, which could be misused if the agent obeys instructions found inside local files.
      • Sanitization: Absent; there is no content filtering or validation performed on the data read from the project files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 07:44 AM