package-spec

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it is designed to ingest and process untrusted external data.
      • Ingestion points: The agent processes manifest.yml, changelog.yml, and Handlebars template files (*.yml.hbs) as part of its core functionality defined in SKILL.md and references/manifest-rules.md.
      • Boundary markers: The skill does not provide instructions to use XML tags, delimiters, or explicit 'ignore instructions' warnings when reading these external files.
      • Capability inventory: The skill utilizes the elastic-package CLI tool (lint, check, and changelog management) to process this data, as mentioned in SKILL.md and references/changelog-patterns.md.
      • Sanitization: No sanitization or escaping of the processed file content is described before the data is analyzed by the agent.
  • [COMMAND_EXECUTION]: The skill provides detailed instructions for executing the elastic-package CLI utility. This is an official development tool provided by the vendor (Elastic) and is used for linting and validating integration package metadata.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 20, 2026, 08:43 PM