skills/callicrate/skills/agents-md/Gen Agent Trust Hub

agents-md

Warn

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/validate_agentsmd.py contains a function run_fast_validate that executes compiled binaries (e.g., fast-validate-x86_64-apple-darwin) based on the host's operating system and architecture. These binaries are expected to be located in a bin/ subdirectory within the skill. Since the source code for these binaries is not provided for analysis, their execution is unverifiable and potentially risky.
  • [COMMAND_EXECUTION]: Multiple scripts within the skill, such as scripts/run_agentsmd_fixture_checks.py, scripts/validate_agentsmd.py, and tests/test_fixture_harness.py, use subprocess.run to execute shell commands and internal scripts. While these are used for validation and testing, they provide a mechanism for process execution that could be exploited if inputs were poorly sanitized.
  • [DATA_EXFILTRATION]: The scripts/analyze_project.py script performs a comprehensive scan of the local project directory, reading configuration files (like package.json, pyproject.toml, Cargo.toml) and sampling source files to extract metadata. While this data is used to assist in generating documentation and no network-based exfiltration was found, the script's broad read access to the filesystem should be noted.
  • [PROMPT_INJECTION]: As the skill is designed to process and review content from repository files (specifically AGENTS.md), it is susceptible to indirect prompt injection if those files contain malicious instructions that the agent might follow. The skill documentation specifically warns to treat repository files as untrusted input to mitigate this risk.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 2, 2026, 03:29 PM