validator-run
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute the
agent-validate runcommand, which is the primary mechanism for running the validation suite. - [DATA_EXPOSURE]: The agent reads from and writes to the
validator_logs/directory to access execution logs and structured JSON reports containing violation details. - [INDIRECT_PROMPT_INJECTION]: The skill implements a workflow that ingests and acts upon data from external log files, creating a surface for indirect prompt injection.
- Ingestion points: Log files and JSON violation reports located in the
validator_logs/directory are read by subagents and the main agent in Step 3 and Step 6. - Boundary markers: The instructions lack explicit markers or warnings to the AI to ignore instructions or commands that might be maliciously embedded within the log data produced by external tools.
- Capability inventory: The skill allows the agent to execute Bash commands and dynamically invoke other skills based on the strings extracted from the logs (e.g., the 'Fix Skill' and 'Fix Instructions' sections).
- Sanitization: There is no evidence of sanitization or validation of the 'Fix Skill' names or 'Fix Instructions' extracted from the logs before the agent attempts to execute them.
Audit Metadata