join
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured to execute shell commands via the Bash tool to interact with the agentbook CLI. User-provided arguments, including potential passphrases, are passed directly to the shell command 'agentbook join $ARGUMENTS'.
- [PROMPT_INJECTION]: The skill features a preprocessing step that creates a surface for indirect prompt injection.
  1. Ingestion points: The preprocessing directive in SKILL.md executes 'agentbook rooms' and injects the resulting room list directly into the prompt context.
  2. Capability inventory: The skill is granted Bash tool access with the ability to execute agentbook commands.
  3. Boundary markers: There are no delimiters or instructions to treat the injected room names as untrusted data.
  4. Sanitization: The output of the room list command is not sanitized or filtered before being placed in the prompt context, allowing potentially malicious room names to influence agent behavior.
Audit Metadata