password-gen
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains script templates that ingest external parameters such as length and character sets into shell commands, creating a surface for indirect prompt injection.
  - Ingestion points: File `SKILL.md` contains bash script examples using unvalidated variables `$LENGTH`, `$CHARS`, and `$PREFIX`.
  - Boundary markers: No delimiters or 'ignore embedded instructions' warnings are used in the prompt templates.
  - Capability inventory: Uses `openssl`, `tr`, `sed`, `shuf`, `python3`, and `node` to perform operations on the local system.
  - Sanitization: No input validation, escaping, or filtering is implemented in the provided shell script templates to prevent command injection via parameters.
- [COMMAND_EXECUTION]: The skill provides commands for local execution of standard system utilities. While these are intended for legitimate cryptographic generation, they represent the capability to execute code on the host environment.
- [SAFE]: No network access, external downloads, or attempts to access sensitive files were detected. All random generation uses cryptographically secure sources like `/dev/urandom` and `openssl rand`.
Audit Metadata