glossary-generator

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill dynamically generates and executes a Python script via the Bash tool to perform alphabetical sorting and merging of glossary entries. The script content is provided within the instructions in SKILL.md and uses standard libraries (os, re, glob) to process local temporary files.
  • [PROMPT_INJECTION]: The skill ingests untrusted content from markdown files within the project's documentation directory and interpolates it into a sub-agent's prompt, creating a surface for indirect prompt injection.
  • Ingestion points: Reads docs/learning-graph/02-concept-list-v1.md, docs/course-description.md, and any files matching /docs/**/*.md.
  • Boundary markers: Absent. The prompt template in SKILL.md lacks delimiters or specific instructions to ignore embedded commands in the source data.
  • Capability inventory: The skill has access to Write, Edit, and Bash tools, allowing it to modify project files and execute local scripts.
  • Sanitization: There is no evidence of input validation or escaping for the content processed from external files.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 04:00 AM
Security Audit — agent-trust-hub — glossary-generator