normalize-skill-for-claude

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted markdown content from external skill files to perform its optimization tasks.
      • Ingestion points: SKILL.md reads target skill definitions and associated directory contents in Steps 1, 2, and 3.
      • Boundary markers: The instructions do not define clear delimiters or warnings to separate untrusted content from internal logic during the analysis or rewrite process.
      • Capability inventory: The skill utilizes Write, Edit, and Bash tools to create plans and modify local files, and uses the Agent tool for sub-task delegation, as described in SKILL.md Steps 4 and 5.
      • Sanitization: No sanitization or content validation is performed on the ingested skill markdown before it is analyzed or rewritten.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to resolve file targets, inventory directory contents, and check file line counts. These operations are aligned with the skill's stated purpose of auditing and normalizing local repository files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 04:41 AM