explain
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests and processes untrusted data from user input or file content.
  - Ingestion points: User-provided text or file paths are captured in Step 1 and written to .galmuri/tmp/source-{slug}.txt.
  - Boundary markers: There are no instructions or delimiters specified to prevent the agent from following malicious commands embedded within the text being summarized.
  - Capability inventory: The skill utilizes the Bash tool for file management and the Skill tool to invoke an external summarization engine (galmuri:distill).
  - Sanitization: No sanitization, escaping, or validation of the input content is performed before processing.
- [COMMAND_EXECUTION]: The skill employs the Bash tool to perform conditional logic and file operations.
  - Evidence: Step 1 uses shell commands to check for the existence of a warning file, touch new files, and pipe user input to temporary storage. While these specific operations are benign, they represent a surface for potential command injection if parameters like {slug} are not properly handled by the underlying platform.
Audit Metadata