easysdd-onboarding
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands (`cp`, `ls`, and PowerShell's `Copy-Item`) to set up the project hierarchy and copy internal tool scripts from the skill package into the user's project. This is standard initialization behavior for a project scaffolding tool.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it performs a comprehensive scan of markdown files within the repository to evaluate migration status. This is a potential risk common to documentation-processing agents, though the skill incorporates human-in-the-loop mitigation by requiring user confirmation for all migration actions.
  - Ingestion points: Repository-wide scan for `.md` files defined in `SKILL.md` for auditing existing project state.
  - Boundary markers: None identified for distinguishing file content from instructions during the audit process.
  - Capability inventory: Shell command execution and file system modification (creating and updating `.md` and `.yaml` files).
  - Sanitization: No explicit sanitization or instructions to ignore embedded agent commands in source files are provided.
Audit Metadata