update-agent-config

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes standard shell utilities including grep, sed, find, ls, wc, and git to analyze repository structure and verify documentation claims. These operations are performed via a read-only audit script (scripts/audit-agents-md.sh) and specifically scoped tool calls defined in the prompt templates.
  • [DATA_EXFILTRATION]: The skill is designed to perform git commit and git push at the conclusion of its workflow. While these are necessary for the skill's primary function of maintaining remote documentation, they represent network operations that modify remote repository state.
  • [INDIRECT_PROMPT_INJECTION]: The skill reads and processes the content of AGENTS.md and REVIEW.md files from the target repository to identify drift.
    • Ingestion points: All markdown files in the AGENTS hierarchy across the repository (e.g., SKILL.md, references/agent-dispatch.md).
    • Boundary markers: Auditor agent prompts use absolute file paths and specific Markdown headers as delimiters to isolate untrusted content.
    • Capability inventory: Access to repository files, shell execution (bash), and git operations (commit, push) across all skill components.
    • Sanitization: The skill enforces a 'falsifiable-claim' rule, requiring the agent to independently verify any symbol, line number, or count using local tools like grep or ls before it can be used to update documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 02:36 PM