skf-update-skill

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The workflow executes various CLI tools, including git (clone, fetch, checkout), gh (GitHub API), and ast-grep (code analysis), to manage the skill lifecycle.
  • [EXTERNAL_DOWNLOADS]: Fetches source code from remote repositories, including GitHub, and uses npx to download and execute the skill-check utility from the npm registry.
  • [REMOTE_CODE_EXECUTION]: Executes code from the skill-check npm package via npx to perform validation and security scanning.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because its core function is to ingest untrusted source code and metadata files in order to generate or update instructions.
  • Ingestion points: Processes source code, authoritative documentation (e.g., llms.txt, .cursorrules), and existing skill artifacts.
  • Boundary markers: Uses [MANUAL] tags for content preservation, but lacks instructions telling the agent to disregard commands found within the code it analyzes.
  • Capability inventory: Has permissions for extensive file system modifications and execution of shell commands.
  • Sanitization: Employs a 'Description Guard Protocol' to maintain frontmatter integrity and prevent metadata poisoning during tool execution.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 09:53 AM