audit-api-consistency

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is granted access to the Bash tool and utilizes Grep and Glob to discover route definitions and patterns across the codebase. While these are used for auditing purposes, the availability of a shell environment is a significant capability.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from the codebase it audits.
      • Ingestion points: The workflow reads engineering documentation and source code files (Workflow steps 1 and 2) using Read, Grep, and Glob tools.
      • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the files being scanned.
      • Capability inventory: The agent has access to Bash, Read, Glob, and Grep tools, which could be exploited if malicious instructions are encountered in the codebase.
      • Sanitization: The skill lacks explicit sanitization or validation of the content retrieved from the files before processing it.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 08:09 AM