awesome-agent-skills

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It is designed to process untrusted data—such as code for review, research topics, or claims for fact-checking—using high-privilege tools without adequate defensive prompting.
  • Ingestion points: The skill ingests user-provided code, documents, and research topics across all reference pipeline files (e.g., coding-pipeline.md, research-pipeline.md).
  • Boundary markers: Not present. The persona instructions do not define clear delimiters or instruct the agent to ignore instructions embedded within the processed data.
  • Capability inventory: The skill utilizes powerful tools including Bash, WebFetch, Write, and Edit across its various personas.
  • Sanitization: Not present. There is no logic or instruction to validate, escape, or filter external content before it is processed or used in tool calls.
  • [EXTERNAL_DOWNLOADS]: The scripts/install.sh file facilitates the download of additional content. It uses npx skills add to fetch the routing skill from the author's own repository and the full persona collection from an upstream GitHub repository (shubhamsaboo/awesome-agent-skills). While this is a documented feature for setting up the skill collection, it involves fetching and installing external logic.
  • [COMMAND_EXECUTION]: The skill requests broad permissions in its frontmatter, including Bash and Edit. Additionally, the provided scripts/install.sh is an executable script that performs shell operations to automate the environment setup.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 09:47 AM
Security Audit — agent-trust-hub — awesome-agent-skills