vp-foreign-agent-skill-loader

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill's primary function is to ingest and adapt instructions from foreign agent skill files (e.g., .cursor/skills/.../SKILL.md). This architecture naturally introduces a surface for indirect prompt injection, where instructions in local repository files could influence agent behavior.
  • Ingestion points: The scanner targets SKILL.md files located in agent-specific subdirectories (e.g., .<agent>/skills/).
  • Boundary markers: The skill provides explicit instructions to treat discovered skills as 'foreign-agent guidance' rather than native directives, and specifies that user and current-agent instructions must retain higher priority.
  • Capability inventory: The system uses a bundled Node.js script to read file metadata and empowers the agent to adapt workflows based on found instructions.
  • Sanitization: The skill relies on architectural boundary markers and agent-level adaptation logic rather than content-level sanitization of the foreign skill bodies.
  • [COMMAND_EXECUTION]: The skill includes a local Node.js utility (scripts/index-foreign-agent-skills.mjs) used to index the repository. Technical review confirms the script is self-contained, using only built-in Node.js modules for file system operations, and performs no network activities or privileged operations.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 11:53 AM
Security Audit — agent-trust-hub — vp-foreign-agent-skill-loader