skillify
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It is designed to extract patterns and procedures from the current conversation history (Step 1: 'Extract the pattern') and turn them into permanent SKILL.md files. If an attacker provides malicious instructions within the conversation, the agent might 'skillify' those instructions, creating a persistent malicious skill that can be published or reused later.
  - Ingestion points: Conversation history (all previous turns in the chat).
  - Boundary markers: None specified for the extraction process to distinguish between safe instructions and malicious injections.
  - Capability inventory: Write, Edit, Bash(belt skill upload) (allows file creation and remote publication).
  - Sanitization: No validation or filtering is mentioned for the content being extracted into the new skill.
- [COMMAND_EXECUTION]: The skill utilizes the belt CLI tool (e.g., belt skill search, belt skill upload) to interact with a skill registry. These commands are integral to the skill's purpose and use vendor-specific tooling associated with the author 'belt-sh'.
Audit Metadata