skill-adapter

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFE (findings: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection. It is explicitly designed to read and adopt instructions, methodologies, and patterns from external files found in the plugins/ directory tree (including community-contributed plugins).
  • Ingestion points: The skill reads commands/*.md, agents/*.md, skills/*/SKILL.md, and scripts/*.sh and scripts/*.py files under plugins/community/, plugins/packages/, and plugins/examples/ (as identified in SKILL.md and references/how-it-works.md).
  • Boundary markers: The skill's instructions contain no explicit delimiters around ingested content and no instruction to ignore embedded malicious content.
  • Capability inventory: The skill has access to Bash(cmd:*), Read, Grep, and Glob tools.
  • Sanitization: No evidence of sanitization or validation of the content extracted from external plugins before it is used to influence agent behavior.
  • [COMMAND_EXECUTION]: The skill configuration allows broad shell access via Bash(cmd:*). While intended for plugin discovery and execution of 'synthesized' patterns, this could lead to arbitrary command execution if the patterns learned from external files are malicious.
Audit Metadata
Risk Level
SAFE
Analyzed
May 26, 2026, 10:53 PM
Security Audit — agent-trust-hub — skill-adapter