skill
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands including mkdir, find, grep, sed, and stat within the '/skill setup' and '/skill scan' subcommands to manage directories and inventory skill files located in ~/.agents/skills/ and .agents/skills/.
- [EXTERNAL_DOWNLOADS]: The 'Import Skill' functionality in the '/skill setup' command allows the agent to download and save markdown content from arbitrary, user-provided URLs.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) because it processes and displays external content.
  - Ingestion points: Data enters the agent context via '/skill setup' (Import from URL/paste), '/skill edit' (reading existing files), and '/skill search' (matching queries against markdown content) in SKILL.md.
  - Boundary markers: The skill does not implement delimiters or explicit instructions for the agent to ignore embedded commands when reading or displaying skill content.
  - Capability inventory: The skill possesses the capability to write files to the filesystem (/skill add, /skill edit, /skill sync) and execute shell commands (/skill setup, /skill scan) as defined in SKILL.md.
  - Sanitization: While the skill validates naming conventions, it does not sanitize or escape the markdown content of the skill files before they are read or processed by the agent.
Audit Metadata