tool-design
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill advocates for 'Architectural Reduction', a design pattern where specialized tools are replaced by a single tool allowing arbitrary bash command execution (e.g., using standard Unix utilities like grep, cat, ls). While presented as a design principle for sandboxed environments, it encourages a pattern that increases the attack surface if implemented without rigorous security controls.
- [PROMPT_INJECTION]: The 'Tool-Testing Agent Pattern' described in SKILL.md demonstrates a method for optimizing tool descriptions by feeding untrusted 'failure examples' back into an agent prompt.
  - Ingestion points: The failure_examples parameter in the optimize_tool_description function (SKILL.md).
  - Boundary markers: The prompt template lacks delimiters or instructions to ignore potential commands embedded within the failure data.
  - Capability inventory: The generated prompt is passed to an LLM via get_agent_response (SKILL.md).
  - Sanitization: The provided pattern does not include any escaping or validation of the input data before interpolation into the prompt.
Audit Metadata