shared
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a non-invocable library containing reference markdown documents and a basic structure validation script.
- [COMMAND_EXECUTION]: The skill contains a local bash script (
scripts/validate.sh) used for verifying the presence and content of theSKILL.mdfile. This script is benign and uses standard shell commands to check for file existence and YAML frontmatter. - [DATA_EXFILTRATION]: No sensitive information or hardcoded credentials were found. URLs point to official documentation and well-known repositories (e.g., anthropics, github.com).
- [REMOTE_CODE_EXECUTION]: The skill documents how to use external CLIs (Claude, Codex) but does not execute remote code itself. It provides templates and guidelines for safe orchestration and cleanup.
- [PROMPT_INJECTION]: The skill provides prompt templates for sub-agents that interpolate context data. These templates use boundary markers (e.g.,
<PACKET>tags) and explicitly define validation contracts to mitigate risks associated with untrusted input processing.
Audit Metadata