skillkit-help
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The validation workflow in SKILL.md (Path B) involves analyzing user-supplied SKILL.md files, creating a surface for indirect prompt injection.
- Ingestion points: In SKILL.md (Step 2 of Path B), the agent is instructed to ingest and review content or file paths provided by the user.
- Boundary markers: The instructions do not define explicit delimiters to encapsulate the user-provided content, which could allow instructions within those files to interfere with the agent's validation logic.
- Capability inventory: The skill is designed for use in environments like Claude Code that provide tools for filesystem access and shell command execution.
- Sanitization: No sanitization or 'ignore embedded instructions' warnings are present to mitigate the risks of processing untrusted data.
Audit Metadata