skills/azhi-ss/ljg-skills/ljg-qa/Gen Agent Trust Hub

ljg-qa

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to interact with the local system for operational tasks.
      • Evidence: Execution of curl -s -X POST http://localhost:31337/notify to send progress notifications to a local endpoint.
      • Evidence: Use of date +%Y%m%dT%H%M%S to generate timestamps for file naming conventions.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to the combination of untrusted data ingestion and available system capabilities.
      • Ingestion points: The skill fetches external content via WebFetch (URLs) and reads local files via Read (PDFs) as defined in Workflows/Extract.md.
      • Boundary markers: Absent. There are no instructions or delimiters provided to the agent to distinguish between the source text and instructions, or to ignore potential commands embedded in the documents.
      • Capability inventory: The agent has the ability to execute shell commands (curl, date) and write files to ~/Documents/notes/.
      • Sanitization: Absent. Content from fetched URLs or documents is processed directly without filtering or validation of its instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 07:12 PM