nist-csf-specialist

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted assessment data, which presents a surface for indirect prompt injection.
      • Ingestion points: The 'scripts/csf_maturity_assessor.py' tool reads organizational data from external JSON files via the '--input' parameter.
      • Boundary markers: No explicit markers are used to delimit the tool output or warn the agent to ignore embedded instructions.
      • Capability inventory: The skill possesses the capability to execute shell commands and perform file system read/write operations.
      • Sanitization: No input validation or sanitization is performed on the 'evidence' or 'notes' fields of the provided assessment data.
  • [COMMAND_EXECUTION]: The skill defines and instructs the agent to execute specific Python command-line tools ('scripts/csf_maturity_assessor.py' and 'scripts/csf_control_mapper.py') to perform its core functions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 01:08 AM