skf-test-skill
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses various system commands and local scripts (e.g., grep, awk, sed, git, ast-grep, and custom Python scripts) to analyze the filesystem and code structure. These operations are essential for the auditing process and are used as intended.
- [EXTERNAL_DOWNLOADS]: The skill invokes external validation tools (skill-check and tessl) via npx. These are well-known tools in the developer ecosystem used for validating skill specifications and content quality.
- [PROMPT_INJECTION]: The skill processes external documentation by delegating tasks to subagents. This introduces a surface for indirect prompt injection. However, the risk is mitigated through strict output formatting requirements (JSON only), schema validation, and ground-truth spot-checks performed by the parent agent to prevent hallucinations or malicious instructions from entering the workflow.
Audit Metadata