skill-logger

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions create a vulnerability surface for indirect prompt injection by interpolating untrusted user data into executable command arguments.
    • Ingestion points: User-supplied text for fields 'skill', 'scene', 'satisfaction', and 'note' defined in the 'Step 1' collection phase of SKILL.md.
    • Boundary markers: Absent; there are no delimiters, XML tags, or system instructions provided to the agent to treat these inputs as data rather than instructions.
    • Capability inventory: The agent is directed to execute a shell command ('python3 scripts/log_skill_usage.py') in 'Step 2' of SKILL.md, using the collected data as command-line arguments.
    • Sanitization: Absent; neither the markdown instructions nor the Python script logic provide mechanisms to sanitize or escape shell metacharacters in user-supplied strings before execution.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution to perform its primary function.
    • Evidence: The 'Step 2' block in SKILL.md provides a bash template for executing the 'scripts/log_skill_usage.py' script locally.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 03:07 PM