knowledge-base

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill reads data from the local project (including source code and existing markdown files) and incorporates it into agent-accessible documentation like reports, indexes, and glossaries.
  • Ingestion points: The scan and discover functions in lib.ts read project code files to identify technical patterns and definitions. The generateIndex and generateGlossary functions read existing markdown documentation within the docs/knowledge directory.
  • Boundary markers: Ingested content is placed within Markdown templates using headers and blockquotes, though it lacks explicit instructions to the agent to ignore embedded commands within that content.
  • Capability inventory: The skill performs filesystem writes (mkdir, writeFile) to manage the knowledge base structure and documents. It does not perform network operations or active code execution.
  • Sanitization: The create function in lib.ts sanitizes document names and category paths using regex (/[^a-zA-Z0-9\-_]/g and /[^a-zA-Z0-9\-_/]/g) to prevent path traversal attacks.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 02:03 AM
Security Audit — agent-trust-hub — knowledge-base