skill-gap-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: CRITICALPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from a requirements file and uses it to generate new skill files and directories.
- Ingestion points: The Python script
scripts/analyzer.pyand theSKILL.mdinstructions both read an external file (e.g.,requirements.md) to drive the skill's logic. - Boundary markers: There are no explicit delimiters or protective instructions (e.g., XML tags or "ignore instructions") used when reading the requirements file.
- Capability inventory: The skill has permission to use
WriteandBashtools, specifically to create directories (mkdir -p) and file content for new skills. - Sanitization: While the skill uses keyword matching for technology detection, it does not sanitize the input before using it to generate the descriptive content of new skills, which could allow an attacker to inject malicious instructions into the created environment.
- [COMMAND_EXECUTION]: The skill executes local system commands to manage project structure.
- Evidence: The instructions utilize
ls -la .claude/skills/for discovery andmkdir -pfor directory creation. These commands are restricted to the.claudedirectory by the skill's internal logic and guardrails.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata