oc-tool-auditor
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
occommand-line utility to perform administrative tasks, such as displaying tool source code (oc toolbox show) and managing tool status (oc toolbox promote). These operations are consistent with the skill's stated purpose of auditing tool capabilities. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it is designed to ingest and analyze untrusted source code from tools submitted for review.
- Ingestion points: The agent reads tool source code using
oc --project <P> toolbox show --name <tool>as specified inSKILL.md. - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to wrap the untrusted source code during the analysis phase.
- Capability inventory: The skill leverages the
BashandReadtools and invokes theocCLI to execute tool self-tests during the promotion process. - Sanitization: While the skill instructs the agent to run tests in a 'scrubbed env' to mitigate runtime risks, it does not detail specific sanitization for the tool source code text before it is processed by the agent's reasoning engine.
Audit Metadata