extract-source-sample

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands on the host system to process files. Specifically, it uses the file command to audit PNG binaries and the git lfs command (fetch and checkout) to materialize remote assets in the local directory.
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection. It reads various untrusted files from a user-provided directory and incorporates their contents into a structured JSON file designed for consumption by downstream agents.
  • Ingestion points: Reads working/script.json, HOW_TO_MAKE_THIS_VIDEO.md, production/asset-manifest.json, and Python driver scripts (working/*.py) from the input run-dir.
  • Boundary markers: None identified; instructions specify dumping contents "verbatim" or concatenating them into the output schema.
  • Capability inventory: The skill has the ability to read and write to the local filesystem (including creating new directories in the character library) and execute shell commands.
  • Sanitization: No sanitization or escaping is performed on the ingested content before it is placed into the source-sample.json output.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — extract-source-sample