skills/q00/openclip/oc-tool-auditor/Gen Agent Trust Hub

oc-tool-auditor

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the oc command-line utility to perform administrative tasks, such as displaying tool source code (oc toolbox show) and managing tool status (oc toolbox promote). These operations are consistent with the skill's stated purpose of auditing tool capabilities.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it is designed to ingest and analyze untrusted source code from tools submitted for review.
  • Ingestion points: The agent reads tool source code using oc --project <P> toolbox show --name <tool> as specified in SKILL.md.
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to wrap the untrusted source code during the analysis phase.
  • Capability inventory: The skill leverages the Bash and Read tools and invokes the oc CLI to execute tool self-tests during the promotion process.
  • Sanitization: While the skill instructs the agent to run tests in a 'scrubbed env' to mitigate runtime risks, it does not detail specific sanitization for the tool source code text before it is processed by the agent's reasoning engine.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 03:48 AM
Security Audit — agent-trust-hub — oc-tool-auditor