skills-manager
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions involve executing multiple local shell scripts (e.g., `skill-activation-prompt.sh`, `add-keywords-to-skill.sh`, `extract-keywords.sh`) located in the `.claude/hooks/` directory. It also includes instructions to modify file permissions using `chmod +x` to ensure these local automation hooks are executable.
- [PROMPT_INJECTION]: The skill describes an 'Auto-Learning Feature' where user input from the prompt is processed to extract keywords. These keywords are then automatically injected into the local `skill-rules.json` configuration via a shell script. This creates a surface for indirect prompt injection where adversarial user input could potentially influence the agent's skill-routing logic.
  - Ingestion points: User prompts (processed in SKILL.md).
  - Boundary markers: None specified.
  - Capability inventory: Execution of shell scripts and writing to local JSON configuration files (`add-keywords-to-skill.sh`).
  - Sanitization: No explicit sanitization or validation of the extracted keywords is documented.
Audit Metadata