extract-source-sample
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands on the host system to process files. Specifically, it uses the
filecommand to audit PNG binaries and thegit lfscommand (fetch and checkout) to materialize remote assets in the local directory. - [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection. It reads various untrusted files from a user-provided directory and incorporates their contents into a structured JSON file designed for consumption by downstream agents.
- Ingestion points: Reads
working/script.json,HOW_TO_MAKE_THIS_VIDEO.md,production/asset-manifest.json, and Python driver scripts (working/*.py) from the inputrun-dir. - Boundary markers: None identified; instructions specify dumping contents "verbatim" or concatenating them into the output schema.
- Capability inventory: The skill has the ability to read and write to the local filesystem (including creating new directories in the character library) and execute shell commands.
- Sanitization: No sanitization or escaping is performed on the ingested content before it is placed into the
source-sample.jsonoutput.
Audit Metadata