sync
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes `npx skills ls --json` and `npx skills ls -g --json` to retrieve the current list of skills. These commands use the well-known `npx` utility to run package binaries.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection by processing descriptions from local `SKILL.md` files to infer installation conditions.
  * Ingestion points: Reads description text from `SKILL.md` files of other skills in Step 4.
  * Boundary markers: None identified in the processing logic.
  * Capability inventory: Ability to update the `~/.config/harness/manifest.json` file in Step 6.
  * Sanitization: No explicit sanitization of the description content is mentioned.
- [SAFE]: The access and modification of the `~/.config/harness/manifest.json` file are essential to the skill's purpose and do not constitute unauthorized persistence or data exposure.
Audit Metadata