agent-skill-review
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The README.md file contains installation instructions using
npx skills add bahayonghang/my-claude-code-settings/skills. This refers to the author's own repository for skill distribution and is standard for the platform. - [COMMAND_EXECUTION]: The SKILL.md file instructs the agent to validate audited skills by running non-destructive commands like
--help, dry-run, or test fixtures. This is a functional requirement of the auditing process and is coupled with explicit safety instructions: 'Do not run network, credentialed, destructive, or expensive actions unless the user asked for implementation-level validation.' - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and process untrusted data from external skill directories.
- Ingestion points: Reads
SKILL.md,agents/openai.yaml, and all referenced files inreferences/,scripts/, andassets/of the directory being audited. - Boundary markers: Absent. There are no explicit delimiters or instructions to ignore embedded commands within the content being reviewed.
- Capability inventory: The skill has the ability to execute local scripts and edit files if requested by the user.
- Sanitization: None detected. The skill processes the content as-is to perform its evaluation.
Audit Metadata