skf-export-skill
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to aggregate content from multiple skill sources and inject it into the agent's primary instruction files. This creates a surface for indirect prompt injection where content from a processed skill could attempt to influence the agent's behavior. However, this is the intended purpose of the tool, and it includes clear markers () to delimit the injected content.
- Ingestion points: Reads SKILL.md and metadata.json from skill packages to generate snippets.
- Boundary markers: Uses specific HTML comment markers to define the managed section in context files.
- Capability inventory: Capable of writing to project-level files (CLAUDE.md, .cursorrules, AGENTS.md) and maintaining an export manifest.
- Sanitization: Extracts specific fields (API, key types, gotchas) but relies on the integrity of the source skills.
- [COMMAND_EXECUTION]: The workflow involves user-initiated execution of the npx skills CLI tool for publishing and adding skills. This is a standard practice for the tool's ecosystem and is explicitly presented to the user in the summary step.
Audit Metadata