skill-status

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Bash, Glob, and Grep tools to scan the local filesystem, specifically targeting the application cache directory (~/.claude/plugins/cache/bkit-marketplace/bkit/*/skills/) and project-local directories (.claude/skills/project/*/SKILL.md).
  • [PROMPT_INJECTION]: The workflow parses and displays metadata from other SKILL.md files, creating an indirect prompt injection vulnerability if a malicious skill is present in the environment.
      • Ingestion points: Metadata fields such as name, classification, and description are read from core and project-local SKILL.md files.
      • Boundary markers: The skill does not implement delimiters or specific instructions to isolate the ingested content from the agent's output context.
      • Capability inventory: The skill utilizes Bash, Read, Glob, and Grep to execute its discovery and reporting logic.
      • Sanitization: Content extracted from external skill files is displayed directly in the status report without validation or escaping.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 11:53 AM