skills/anentrypoint/gm-skill/gm-emit/Gen Agent Trust Hub

gm-emit

Warn

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: MEDIUM | REMOTE_CODE_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill performs dynamic loading of agent logic by computing the name of the next skill to invoke at runtime using data from a file (out/<N>.json). This dynamic execution pattern (Category 10) allows the workflow to be steered by external or generated content.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from the filesystem to control the agent's next instruction set.
      • Ingestion points: The nextSkill value is read from out/<N>.json in the Transition section of SKILL.md.
      • Boundary markers: Skill invocations are prefixed with the gm: namespace, which limits the scope of potential targets.
      • Capability inventory: The skill is authorized to use Skill, Read, and Write tools, providing it with significant control over the environment and state transitions.
      • Sanitization: The logic implements a fallback mechanism where any unknown skill identifier triggers a transition to gm:planning, reducing the impact of arbitrary input.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 17, 2026, 10:31 AM