skills/pasky/muaddib/manage-skills/Gen Agent Trust Hub

manage-skills

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill establishes a persistence mechanism by directing the agent to create and update SKILL.md files and executable scripts within the /workspace/skills/ directory, allowing for behavioral changes that persist across sessions.\n- [PROMPT_INJECTION]: The capability to update skills based on 'new lessons' creates an indirect prompt injection surface where untrusted external data could be persisted as part of the agent's long-term instruction set.\n
  • Ingestion points: Agent 'lessons' (derived from runtime data) are written to persistent SKILL.md files in /workspace/skills//.\n
  • Boundary markers: The instructions do not include requirements for boundary markers or delimiters to ignore instructions within the generated skills.\n
  • Capability inventory: The agent can write to the file system and create executable scripts (in scripts/) which are later referenced by the agent's internal logic.\n
  • Sanitization: The skill lacks instructions for sanitizing or validating external content before it is incorporated into the persistent skill files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 04:14 PM
Security Audit — agent-trust-hub — manage-skills