skf-update-skill

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell commands to perform its duties. It executes git for repository fetching and metadata verification, npx to run the skill-check validation tool, gh for GitHub API interactions, and ast-grep (via ast_bridge) for structural code analysis.
  • [EXTERNAL_DOWNLOADS]: To resolve remote source code for specific skill tiers, the workflow downloads code from GitHub via git clone or the GitHub API. It also downloads and executes the skill-check utility from the NPM registry via npx. These operations are conducted through well-known, established services and are integral to the skill's functionality.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) as it extracts content (docstrings and signatures) from untrusted project source code and external test reports to populate its generated instructions.
      • Ingestion points: Project source code files (e.g., .ts, .py) and test-report-*.md files.
      • Boundary markers: The merge logic does not explicitly define boundary markers or 'ignore instructions' warnings for the extracted content.
      • Capability inventory: The skill has broad file system access and shell command execution capabilities.
      • Sanitization: No explicit sanitization or validation of the extracted comments is described before they are merged into the final SKILL.md.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 05:05 PM
Security Audit — agent-trust-hub — skf-update-skill