skf-create-skill

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external GitHub repositories (source code, issues, PRs) and user-provided documentation URLs.
      • Ingestion points: Source files from source_repo, external documentation from doc_urls, and temporal context (issues/PRs/releases) fetched via the GitHub API.
      • Boundary markers: The skill relies on 'zero hallucination' instructions and provenance-tiered citations (e.g., [AST:...], [EXT:...]) to distinguish source content. It does not explicitly instruct the agent to ignore embedded instructions within the processed data.
      • Capability inventory: The skill possesses extensive capabilities including shell command execution (python3, git, gh, ast-grep, qmd), file system writes, and network access.
      • Sanitization: Implements a sanitization pass to replace angle brackets in skill descriptions and mandates double-quoting for all shell path interpolations.
  • [COMMAND_EXECUTION]: The workflow relies on various CLI tools (git, gh, ast-grep, qmd, python3) for core operations such as cloning, data extraction, and artifact generation. It utilizes a local script skf-atomic-write.py for atomic file operations. The instructions specifically mandate wrapping path interpolations in double quotes to prevent shell injection.
  • [EXTERNAL_DOWNLOADS]: The skill performs several external network operations, including cloning repositories, querying the GitHub API, and fetching content from remote documentation URLs. It also uses npx to download and execute the skill-check and tessl validation tools at runtime.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 09:53 AM