skill-judge
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM | PROMPT_INJECTION | NO_CODE
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill enables an attack surface where an agent ingests untrusted text from SKILL.md files.
  - Ingestion points: The skill processes files at user-specified paths for evaluation.
  - Boundary markers: There are no instructions to delimit the untrusted data from the agent's core instructions.
  - Capability inventory: The agent performs high-level reasoning on the input, which can be hijacked by instructions embedded within the target file.
  - Sanitization: The documentation does not specify any validation or sanitization of the external content being analyzed.