Skills
skills/affaan-m/everything-claude-code/skill-scout/Gen Agent Trust Hub

skill-scout

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses find and grep to locate skill definition files in the local ~/.claude/ directory and the GitHub CLI (gh search) for remote searches. These commands are scoped for read-only discovery of skill metadata and do not execute external scripts.
  • [PROMPT_INJECTION]: The skill processes untrusted data from GitHub and web search results, presenting an indirect prompt injection surface (Category 8). Evidence chain: Ingestion points are external GitHub repositories and web pages (Step 3); boundary markers and sanitization are absent. However, the skill includes a dedicated vetting process in Step 4, requiring the agent to audit external SKILL.md content for unexpected shell commands, network calls, and credential handling before recommendation. The capability inventory for this surface is limited to read-only local search and remote search APIs.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 06:44 PM