shell-scripter
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill uses local scripts for analysis and does not perform network operations or access sensitive system files.
- [COMMAND_EXECUTION]: The skill uses `uv run python` to execute its internal analysis and conversion scripts (`script-analyzer.py` and `dialect-converter.py`). This is a legitimate use of the agent's environment to provide its core functionality and does not involve executing arbitrary user-provided commands.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The skill ingests user-provided shell scripts for auditing and conversion. This represents an attack surface where an attacker could embed malicious instructions within a script to influence the agent's output.
  - Ingestion points: `SKILL.md` (Review, Convert, and POSIX modes read script content).
  - Boundary markers: Absent; the content of analyzed scripts is not wrapped in specific protective delimiters.
  - Capability inventory: The skill performs static analysis via local Python scripts; it does not execute the scripts being analyzed.
  - Sanitization: Absent; the skill does not sanitize script content before processing, which is typical for a code-review tool.
Audit Metadata