validation-scripts

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to ingest untrusted external data and process it using interpreters with execution capabilities.
      • Ingestion points: File './data/train.jsonl' read in 'examples/data-validation-example.md'.
      • Boundary markers: None provided to delimit data from instructions.
      • Capability inventory: Execution of 'bash' and 'python3'.
      • Sanitization: The main validation script is missing, leaving sanitization unverified.
  • [Unverifiable Dependencies] (HIGH): The skill commands the execution of 'scripts/validate-data.sh', which is not included in the skill source, posing a risk of executing unverified code.
  • [Dynamic Execution] (MEDIUM): Uses shell HEREDOCs to execute Python code at runtime in 'examples/data-validation-example.md'.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:37 PM