sync-public-skills

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing local PowerShell scripts (Sync-AndPush.ps1 and Sync-InternalSkills.ps1) and standard development tools such as git and gh. Script paths are resolved dynamically using environment variables such as SYNC_PUBLIC_SKILLS_SCRIPT.
  • [DATA_EXFILTRATION]: The skill's primary purpose is the transfer of repository content across security boundaries (from private repositories to public or internal ones). While the skill includes procedures for "Public Safety Audits" to identify secrets like customer names, emails, and Tenant IDs, the underlying operation is a data transfer process targeting remote servers.
  • [PROMPT_INJECTION]: The skill ingests and audits external content (SKILL.md files from various repository paths), which introduces a surface for indirect prompt injection.
  • Ingestion points: File content from .github/skills/ and copilot-skills/skills/ within the private repository.
  • Boundary markers: The instructions do not specify the use of delimiters or isolation markers when processing the external content.
  • Capability inventory: The agent can execute shell commands, perform file system operations (including deleting un-tracked metadata), and synchronize data with remote repositories.
  • Sanitization: While manual audit criteria are provided for identifying sensitive data, there is no mention of technical sanitization or escaping of the ingested file content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 07:34 AM
Security Audit — agent-trust-hub — sync-public-skills