golden-dataset

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection (the '!' command syntax) in 'scripts/backup-golden-dataset.md', so the listed shell commands run automatically whenever the file is loaded into the agent's context, without a user action.
      • Evidence: Execution of 'date', 'find', 'python --version', and 'pwd' for environment discovery.
  • [PROMPT_INJECTION]: The skill's curation and annotation workflows expose an indirect prompt injection surface: remote content is fetched and placed into the agent's context, and that context has write capabilities downstream.
      • Ingestion points: 'WebFetch' usage in 'rules/curation-add-workflow.md' and 'references/annotation-patterns.md'.
      • Boundary markers: Absent in agent prompts (fetched content is not delimited from instructions).
      • Capability inventory: PostgreSQL database writes ('scripts/backup-script.py') and JSON file writes.
      • Sanitization: Absent.
  • [DATA_EXFILTRATION]: Documentation and example files disclose the author's local directory structure.
      • Evidence: Hardcoded paths like '/Users/yonatangross/coding/OrchestKit/...' found in 'checklists/backup-restore-checklist.md' and 'examples/orchestkit-dataset-workflow.md'.
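The three finding classes above can be triaged mechanically before a manual review. The scanner below is an added example written for this page; it is not part of the audit tooling or of the golden-dataset skill. It assumes that a dynamic context injection line takes the form !`command` (bang followed by a backticked shell command), that 'WebFetch' and 'WebSearch' are the tool names that pull remote content into the agent's context, and it runs over a constructed in-memory skill rather than real files.

```python
import re
from dataclasses import dataclass

# ASSUMPTION: dynamic context injection is written as !`command`.
# The exact grammar is assumed for this example, not taken from the audit.
DYNAMIC_CMD_RE = re.compile(r"!`([^`]+)`")

# ASSUMPTION: these tool names fetch untrusted remote content into context.
INGESTION_TOOLS = ("WebFetch", "WebSearch")

# Absolute paths rooted in a user's home directory (macOS, Linux, Windows).
HOME_PATH_RE = re.compile(
    r"(/Users/[A-Za-z0-9._-]+/\S*"
    r"|/home/[A-Za-z0-9._-]+/\S*"
    r"|[A-Z]:\\Users\\[^\s\\]+\\\S*)"
)


@dataclass(frozen=True)
class Finding:
    category: str   # mirrors the audit's labels
    path: str       # file within the skill
    line: int       # 1-based line number
    detail: str     # the command, tool name, or path that triggered it


def scan_file(path: str, text: str) -> list[Finding]:
    """Flag auto-executed commands, remote-content ingestion, and leaked home paths."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in DYNAMIC_CMD_RE.finditer(line):
            findings.append(Finding("COMMAND_EXECUTION", path, lineno, m.group(1).strip()))
        for tool in INGESTION_TOOLS:
            if tool in line:
                findings.append(Finding("PROMPT_INJECTION", path, lineno, tool))
        for m in HOME_PATH_RE.finditer(line):
            findings.append(Finding("DATA_EXFILTRATION", path, lineno, m.group(0)))
    return findings


def scan_skill(files: dict[str, str]) -> list[Finding]:
    """Scan every file of a skill (path -> contents), in deterministic path order."""
    out: list[Finding] = []
    for path in sorted(files):
        out.extend(scan_file(path, files[path]))
    return out


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. {'COMMAND_EXECUTION': 3, ...}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed sample skill; file names echo the audit, contents are invented.
SAMPLE_SKILL = {
    "scripts/backup-golden-dataset.md": (
        "# Backup\n"
        "Today: !`date`\n"
        "Python: !`python --version`\n"
        "Files: !`find . -name '*.json'`\n"
    ),
    "rules/curation-add-workflow.md": (
        "1. Use WebFetch to pull the candidate page.\n"
        "2. Append the record to the dataset.\n"
    ),
    "checklists/backup-restore-checklist.md": (
        "Restore from /Users/alice/coding/project/backups/latest.sql\n"
    ),
}

if __name__ == "__main__":
    for f in scan_skill(SAMPLE_SKILL):
        print(f"[{f.category}] {f.path}:{f.line}: {f.detail}")
    print(summarize(scan_skill(SAMPLE_SKILL)))
```

A hit on COMMAND_EXECUTION or DATA_EXFILTRATION is usually actionable on its own; a PROMPT_INJECTION hit only marks an ingestion point, and whether it matters depends on the write capabilities reachable from the same context and on whether fetched content is delimited from instructions, which this scanner does not judge.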
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 10:47 AM