config-reader

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The execution logic in SKILL.md uses a shell command template (bash {baseDir}/scripts/config_reader.sh FIELD DEFAULT) where FIELD and DEFAULT are meant to be replaced by the agent. This manual substitution pattern is prone to command injection if the agent provides unsanitized input for these placeholders.
  • [PROMPT_INJECTION]: The skill reads from .agents.yml and .agents.local.yml, providing their contents to the agent. This represents an indirect prompt injection surface where malicious configuration data could be used to override agent instructions.
  • Ingestion points: Data is read from project configuration files in scripts/config_reader.sh.
  • Boundary markers: None used; the extracted values are returned directly.
  • Capability inventory: The skill uses yq to read files; the output is returned to the agent.
  • Sanitization: No sanitization or validation of the configuration content is implemented.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 05:40 AM