local-llm-bridge

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from project files and task instructions to be processed by a sub-agent.
  • Ingestion points: The skill reads INPUT_FILE contents and processes arbitrary <INSTRUCTION> strings via the run_agent.py script.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded prompts are documented in the orchestration patterns.
  • Capability inventory: The agent has access to Bash, Read, and Write tools, providing a surface for misuse if the LLM follows malicious instructions within the data.
  • Sanitization: The documentation does not describe any sanitization or validation of the input data before it is passed to the LLM.
  • [COMMAND_EXECUTION]: The skill relies on executing local Python scripts (run_agent.py, run_server.py) via the Bash tool to orchestrate model interactions and manage the local server state.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 08:07 PM
Security Audit — agent-trust-hub — local-llm-bridge