sync-agent-infra
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands (`ls -1 .agents/skills/` and `ls -1 crates/`) to inventory project directories. These operations are restricted to the local filesystem and serve the primary purpose of identifying the current state of the repository for documentation synchronization.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes data from various repository files (e.g., `AGENTS.md`, `CONTRIBUTING.md`, and issue templates). While these files could theoretically contain malicious instructions, the skill's logic is focused on specific structural consistency checks (e.g., verifying skill names exist in tables), which significantly limits the risk of adversarial command execution.
  - Ingestion points: Processes `AGENTS.md`, `CONTRIBUTING.md`, `README.md`, GitHub issue templates, GitHub workflows, and other skill definition files.
  - Boundary markers: None explicitly defined in the instructions to separate untrusted file content from agent instructions.
  - Capability inventory: Execution of directory listing (`ls`) and file modification (writing updates to documentation).
  - Sanitization: No explicit sanitization or validation of the content read from the files is mentioned beyond checking for existence in the inventory.
Audit Metadata