gap-analysis-worksheet

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a shell command mkdir -p {base_directory}/requirements. The {base_directory} variable is dynamically populated based on user input or automated local environment detection, which constitutes a command execution surface if the platform does not provide sufficient sanitization.
  • [PROMPT_INJECTION]: The skill implements a workflow for reading and analyzing external requirements documents, creating an indirect prompt injection surface where untrusted data could contain malicious instructions.
      • Ingestion points: The primary input document provided via the path/to/requirements argument.
      • Boundary markers: Absent; the skill does not define specific delimiters or override-prevention instructions to isolate the document content from the agent's instructions.
      • Capability inventory: File system read access, file system write access, and directory creation through shell execution (mkdir).
      • Sanitization: No validation, escaping, or content filtering is specified for the data ingested from the requirements document.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 12:13 PM