validate-skills
Fail
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The instruction 'bash scripts/validate-skills.sh $ARGUMENTS' in SKILL.md directly interpolates user-supplied input into a shell command. Because the value is not quoted (for example, as "$ARGUMENTS"), an attacker can bypass the intended script logic and execute arbitrary system commands using shell metacharacters such as semicolons, pipes, or backticks.
- [PROMPT_INJECTION]: The skill processes untrusted content from other skill files (SKILL.md), which constitutes a surface for indirect prompt injection.
  - Ingestion points: Reads and validates local skill files (SKILL.md) within the workspace.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the provided skill text.
  - Capability inventory: The skill has access to the 'Bash' tool, allowing for broad system interaction.
  - Sanitization: There is no evidence of sanitization or validation of the content within the skill files being processed before they are passed to the validation script.
Recommendations
- AI detected serious security threats
Audit Metadata