prime

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through ingested project data.
    • Ingestion points: The skill reads the project README.md file and executes commands (git ls-files, eza) that list filenames in the repository, both of which are under the control of the codebase author.
    • Boundary markers: Absent; the content is loaded into context without specific delimiters or instructions to ignore embedded agent commands.
    • Capability inventory: The agent has access to Bash and Read tools, which could be exploited if an injection in the codebase content is successful.
    • Sanitization: No sanitization or filtering of the ingested content is performed.
  • [COMMAND_EXECUTION]: Shell commands are executed via dynamic context injection when the skill is loaded.
    • Evidence: The skill uses the ! syntax (`!git ls-files` and `!eza . --tree`) to automatically execute local shell commands and populate the agent's context with file lists. These commands are legitimate for project discovery and context gathering.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 09:05 AM