skill-best-practice
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses the 'description' field from various SKILL.md files within the workspace and aggregates them into the root README.md file.
  - Ingestion points: Metadata parsed from SKILL.md files in the 'skills/' subdirectories.
  - Boundary markers: None; the parsing logic uses basic regular expressions without delimiters to isolate untrusted content.
  - Capability inventory: The skill has file system read/write access and can execute scripts.
  - Sanitization: No validation or escaping is performed on the extracted description text before it is written to the primary documentation file.
- [COMMAND_EXECUTION]: The skill facilitates the execution of local scripts. It provides source code for Python and Bash utilities in 'references/check-report-template.md' and instructs the agent to run these scripts to perform repository maintenance and file system modifications.
Audit Metadata