Skills
skills/aiskillstore/marketplace/skill-vetter/Gen Agent Trust Hub

skill-vetter

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFENO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill mentions prompt injection strings like "ignore previous instructions" within its "Content Analysis" section. These are explicitly defined as defensive examples of patterns to detect when auditing other skills, not as active instructions for the agent.
  • [COMMAND_EXECUTION]: References to shell commands such as "curl", "wget", and "bash" are provided in the "Vetting Protocol" as examples of "Critical" red flags for users to look for in suspicious skills. There is no attempt by this skill to execute these commands.
  • [CREDENTIALS_UNSAFE]: Sensitive file paths like "/.ssh", "/.aws", and ".env" are listed in the "Step 3: Content Analysis" section as indicators of malicious behavior in the context of a security audit. The skill does not request or attempt to access these files.
  • [DATA_EXFILTRATION]: The skill documents the risk of "network" + "shell" permission combinations as a potential vector for data exfiltration. This is provided as a security warning for the auditor and does not involve any actual network operations by the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 01:25 AM
Security Audit — agent-trust-hub — skill-vetter