awesome-agent-skills
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It is designed to process untrusted data—such as code for review, research topics, or claims for fact-checking—using high-privilege tools without adequate defensive prompting.
- Ingestion points: The skill ingests user-provided code, documents, and research topics across all reference pipeline files (e.g., coding-pipeline.md, research-pipeline.md).
- Boundary markers: Not present. The persona instructions do not define clear delimiters or instruct the agent to ignore instructions embedded within the processed data.
- Capability inventory: The skill utilizes powerful tools including Bash, WebFetch, Write, and Edit across its various personas.
- Sanitization: Not present. There is no logic or instruction to validate, escape, or filter external content before it is processed or used in tool calls.
- [EXTERNAL_DOWNLOADS]: The
scripts/install.shfile facilitates the download of additional content. It usesnpx skills addto fetch the routing skill from the author's own repository and the full persona collection from an upstream GitHub repository (shubhamsaboo/awesome-agent-skills). While this is a documented feature for setting up the skill collection, it involves fetching and installing external logic. - [COMMAND_EXECUTION]: The skill requests broad permissions in its frontmatter, including
BashandEdit. Additionally, the providedscripts/install.shis an executable script that performs shell operations to automate the environment setup.
Audit Metadata