l5-red-team-auditor

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Categories flagged: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted data from external plugin directories.
      • Ingestion points: The skill performs directory traversal and reads all SKILL.md files, validation scripts, and workflows within a target plugin's folder.
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands within the audited files are provided.
      • Capability inventory: The agent has access to Bash, Read, and Write tools, which could be misused if a malicious audited file successfully redirects the agent's behavior.
      • Sanitization: There is no evidence of input sanitization or filtering for the content read from target files.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to inventory directories and verify findings. While intended for legitimate auditing tasks, this provides a powerful mechanism that could be exploited if the agent's logic is subverted by external data.
  • [DATA_EXFILTRATION]: The skill accesses the ${CLAUDE_PLUGIN_ROOT} environment variable and reads arbitrary files within project directories to perform its assessment. This involves broad read access to the filesystem where potentially sensitive code or configuration might reside.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 06:08 PM