skf-brief-skill

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of local shell commands (including gh, git, curl, and qmd) and executes several bundled Python and TypeScript scripts (e.g., skf-validate-brief-inputs.py, skf-extract-public-api.py, skf-write-skill-brief.py) via uv run to perform repository analysis, workspace detection, and file operations.
  • [EXTERNAL_DOWNLOADS]: Connects to the GitHub API to fetch repository metadata, directory structures, and file contents. It also performs connectivity checks (HTTP HEAD requests) on user-provided documentation URLs using curl.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external sources, such as GitHub repository descriptions and source code manifests, to synthesize skill descriptions and identify API surfaces. This constitutes an indirect prompt injection surface.
      • Ingestion points: Repository descriptions (from GitHub API), file trees, and manifest contents (e.g., package.json, pyproject.toml).
      • Boundary markers: Not explicitly defined when interpolating external file contents into the analysis prompt.
      • Capability inventory: File system writes (skill-brief.yaml), shell command execution (uv run, gh, git), and network access via CLI tools.
      • Sanitization: Not explicitly mentioned in the workflow steps for the ingested repository metadata.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 6, 2026, 03:13 AM