heal-skill
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection. 1. Ingestion points: Reads content from SKILL.md and related files in the './skills/' directory. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used during file reading. 3. Capability inventory: Uses Edit and Bash tools (defined in SKILL.md) to modify files and execute git commands. 4. Sanitization: No validation or filtering is performed on the content proposed as a correction.
- [COMMAND_EXECUTION]: Uses the Bash tool to execute 'ls' and 'git' commands. While restricted to these subcommands, the ability to perform git commits allows for persistent, versioned changes to the skill library.
Audit Metadata