distill
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches version information from the vendor's repository at github.com/abpai/skills to check for updates.
- [COMMAND_EXECUTION]: Instructs the agent to offer and execute 'npx skills update distill' if an update is found, which interacts with the system shell.
- [PROMPT_INJECTION]: Susceptible to indirect prompt injection because it reads external documents (codebases, papers) using tools like Read and Glob. It lacks instructions to ignore malicious prompts within those documents.
- Ingestion points: Read, Glob, and Grep are used on user-provided paths as documented in the workflow section of SKILL.md.
- Boundary markers: The instructions do not include specific boundary markers or requirements to ignore instructions embedded in the analyzed content.
- Capability inventory: The skill allows access to the Write and Agent tools, which could be exploited following a successful indirect injection.
- Sanitization: No explicit sanitization or content validation steps are defined in the workflow.
Audit Metadata