inspect-package

Warn

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: SKILL.md places the "$ARGUMENTS" variable directly inside a bash shell command, so the argument text is parsed by the shell as part of the command line rather than passed to the command as data. If the input given to the skill contains shell metacharacters such as semicolons, quotes, backticks or $( ) command substitution, the attacker-controlled text runs as additional commands, potentially leading to arbitrary code execution on the host running the skill.
  • [PROMPT_INJECTION]: The skill's workflow reads manifest.json out of untrusted ZIP packages and displays its contents to the agent, which creates an indirect prompt injection surface: instructions planted in the manifest by the package author reach the model as if they were part of the conversation.
    • Ingestion points: The Python script within SKILL.md reads the content of manifest.json from the user-provided package file.
    • Boundary markers: Absent; the content is printed directly into the agent's context without delimiters that mark it as untrusted data and without an instruction to treat embedded directives as data rather than as commands.
    • Capability inventory: The skill is configured with access to the Bash tool, so an instruction planted in the manifest that the agent follows can be turned into command execution.
    • Sanitization: Absent; the script parses the JSON and prints it to the console with no filtering, length limit or escaping of potentially malicious content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 28, 2026, 10:15 PM