skf-quick-skill
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill's core functionality involves reading README files and source code from arbitrary, user-provided GitHub repositories to generate documentation and usage patterns.
- Ingestion points: Step 3 fetches README.md and entry-point source files from remote repositories.
- Boundary markers: Absent; the instructions do not include specific delimiters or warnings to ignore embedded natural language instructions within the processed source data.
- Capability inventory: The skill can execute shell commands (python3, gh, npx), write files to the local system (Step 5), and perform network operations.
- Sanitization: Content is summarized by the LLM in Step 4, which may inadvertently adopt malicious instructions found in the repository's documentation.
- [COMMAND_EXECUTION]: The workflow extensively utilizes shell commands to execute local Python scripts and CLI tools for metadata resolution and validation.
- Evidence: Found in Steps 1, 3, 4, 5, and 6 using `python3`, `gh api`, and `npx`.
- Detail: User-provided inputs such as package names are regex-validated (`[@a-zA-Z0-9._/-]+`) to prevent shell metacharacter injection before being passed to subprocesses.
- [EXTERNAL_DOWNLOADS]: The skill connects to external registries and GitHub to resolve and download package source code.
- Detail: Queries `registry.npmjs.org`, `pypi.org`, and `crates.io` for package metadata. It uses the GitHub CLI (`gh api`) to retrieve repository contents and tags.
- Note: These downloads target well-known technology services and are used for the skill's primary intended purpose.
- [DATA_EXFILTRATION]: While not exfiltrating local data, the skill retrieves remote data and writes it to the local file system in Step 5.
- Evidence: Compiled SKILL.md and metadata.json files are written to the `{skill_package}` directory.
Audit Metadata