skf-create-stack-skill

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands like grep, mkdir, and python3 to analyze codebase patterns and manage output. These operations are local to the project and support the skill's primary function of documentation generation.
  • [EXTERNAL_DOWNLOADS]: The skill invokes npx skill-check during the validation phase. This is a standard procedure in JavaScript development that may retrieve the validation tool from the official NPM registry.
  • [PROMPT_INJECTION]: The skill processes untrusted project data (manifests and source code) to generate AI-readable documentation. This activity presents an indirect prompt injection surface. The ingestion points include manifest parsing in step-02-detect-manifests.md and export extraction in step-04-parallel-extract.md. While the skill does not use explicit boundary markers or sanitization for interpolated content, its capabilities are limited to structural analysis and local file writes, and it does not execute the content of the processed files.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 03:13 AM