full-ai-stack

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE (findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill clones the repository github.com/CarlosChiva/code-agents-team.git to install agent components.
  • [COMMAND_EXECUTION]: Runs the bundled shell script change_provider_model_opencode.sh to update agent model and provider settings in the user's local configuration directory ($HOME/.config/opencode/agents). The script uses standard utilities (find, grep and sed) to modify markdown-based configuration files in place.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it instructs the agent to follow instructions from a remote README.md file located in the code-agents-team repository.
  • Ingestion points: Remote README.md from https://github.com/CarlosChiva/code-agents-team.git.
  • Boundary markers: Not present; the agent is directed to follow the external instructions directly.
  • Capability inventory: Includes file modification via sed, repository cloning, and script execution.
  • Sanitization: No specific sanitization or validation is performed on the content retrieved from the remote repository before the agent is instructed to follow its guidance.
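The COMMAND_EXECUTION finding above describes a find/grep/sed rewrite of markdown agent files. The script below is an added example of how such a rewrite can be done with the checks a reviewer would expect: an allow-list on the provider and model values so they cannot smuggle sed metacharacters, a backup of each file, a dry-run mode, and no writes to files that have no model line. It is not the skill's own change_provider_model_opencode.sh, which the audit does not reproduce. It assumes that each agent file carries YAML front matter with a line of the form `model: <provider>/<model>`; the directory and field name are assumptions about the real configuration layout.

```shell
#!/usr/bin/env bash
# Added example, not the skill's change_provider_model_opencode.sh.
# Assumed agent file layout (not stated by the audit): markdown with
# YAML front matter containing "model: <provider>/<model>".
set -u

# Allow-list for values that end up inside a sed replacement: anything
# outside [A-Za-z0-9._:-] (e.g. '|', '&', '\', '/', newline) is rejected,
# so a hostile value cannot alter the sed expression or the file path.
valid_ident() {
  case "$1" in
    ''|*[!A-Za-z0-9._:-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Rewrite the "model:" front-matter line of one agent file.
# Returns 1 when the file has no model line (left untouched), 2 on a
# rejected value, 3 on a temp-file error; only a successful sed run is
# copied back so a failed rewrite never truncates the original.
set_agent_model() {
  local file=$1 provider=$2 model=$3 tmp
  valid_ident "$provider" && valid_ident "$model" || return 2
  grep -q '^model:' "$file" || return 1
  tmp=$(mktemp) || return 3
  if sed "s|^model:.*|model: ${provider}/${model}|" "$file" > "$tmp"; then
    cat "$tmp" > "$file"      # cat, not mv, keeps the file's mode and owner
  fi
  rm -f "$tmp"
}

# Apply the change to every *.md directly inside the agents directory
# (no recursion), keeping a .bak copy of each file before touching it.
# With DRY_RUN=1 it only lists the current model lines. Prints the number
# of files actually changed.
update_agents_dir() {
  local dir=$1 provider=$2 model=$3 f changed=0
  [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
  for f in "$dir"/*.md; do
    [ -f "$f" ] || continue
    if [ "${DRY_RUN:-0}" = 1 ]; then
      printf '%s: ' "$f"; grep '^model:' "$f" || echo '(no model line)'
      continue
    fi
    cp -p "$f" "$f.bak" || return 1
    if set_agent_model "$f" "$provider" "$model"; then
      changed=$((changed + 1))
    fi
  done
  echo "$changed"
}

# Usage: ./script.sh <provider> <model> [agents-dir]
# Defaults to the directory named in the audit; does nothing without args.
if [ "$#" -ge 2 ]; then
  update_agents_dir "${3:-$HOME/.config/opencode/agents}" "$1" "$2"
fi
```

Run it first with `DRY_RUN=1` to see which files carry a model line; the `.bak` copies are what you diff against afterwards, since sed gives no record of what it replaced.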
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 10:22 AM
Security Audit — agent-trust-hub — full-ai-stack