agent-exploration

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes a local shell script scripts/install-explorer.sh during its setup phase to configure subagent definitions in the project environment. Additionally, subagents are permitted to use read-only Bash utilities (such as grep, find, and rg) to facilitate analysis of the targeted source code.
  • [EXTERNAL_DOWNLOADS]: The skill employs WebFetch and WebSearch capabilities to retrieve and process information from remote URLs as part of its multi-area research workflow.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted data from external sources (codebases and web content).
    • Ingestion points: External data enters the agent context through Read, WebFetch, and WebSearch tools used by subagents (documented in SKILL.md and assets/explorer-agent.md).
    • Boundary markers: While the subagent is given a specific scope, the skill does not implement explicit structural delimiters or "ignore embedded instructions" markers for the ingested content.
    • Capability inventory: Subagents are granted restricted Write access to specific paths and read-only Bash access (defined in references/dispatch-rules.md).
    • Sanitization: The skill does not perform sanitization, escaping, or validation of the content retrieved from external sources before presenting it to the language model.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 09:42 PM