manage-skills

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection, as it is designed to read and process external instructional data from the file system.
    • Ingestion points: The skill reads directory names and file contents from AI tool configuration paths (e.g., ~/.agents/skills/, ~/.cursor/skills/) using commands like ls, cat, grep, and find.
    • Boundary markers: Absent. The instructions do not specify using delimiters or ignore-instructions warnings when processing external skills.
    • Capability inventory: The skill provides the agent with file system capabilities including reading, writing (cat >), moving (mv), and deleting (rm -rf) files.
    • Sanitization: Absent. Content retrieved from the file system is not sanitized or validated before being presented to the agent.
  • [COMMAND_EXECUTION]: The skill relies on shell commands to manage configuration files in the user's home directory. These include potentially destructive commands like rm -rf, although the skill includes a guideline to confirm such actions with the user before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 27, 2026, 12:30 AM