agent-skill-discovery
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates as a discovery utility using standard file system globbing and reading operations without executing external code.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it reads and displays metadata from local repository files.
  - Ingestion points: Files like plugin.json, SKILL.md, and .mcp.json in the current working directory.
  - Boundary markers: None; external content is interpolated directly into the markdown report.
  - Capability inventory: The skill utilizes Glob, Read, and ToolSearch to collect metadata and does not have write or execution permissions.
  - Sanitization: Metadata from external files is not validated or sanitized before being presented to the agent.
Audit Metadata