remember
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill requests access to Bash, Grep, and Glob tools for input categorization. Executing shell commands based on untrusted user text without explicit escaping logic presents a risk of command injection.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected due to high-capability tools processing untrusted data.
  1. Ingestion points: The [decision-or-pattern] argument in SKILL.md.
  2. Boundary markers: Absent; user input is not wrapped in delimiters or accompanied by instructions to ignore embedded commands.
  3. Capability inventory: Access to Bash, Grep, Glob, and filesystem tools (Read).
  4. Sanitization: The skill documentation mentions basic truncation for long inputs but lacks proper escaping or validation of user-provided strings before processing.