skills/cloudvoyant/codevoyant/skill/Gen Agent Trust Hub

skill

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches skill definitions, frontmatter, and repository content from agentskill.sh and GitHub (raw.githubusercontent.com) to support the research and exploration workflows.
  • [COMMAND_EXECUTION]: Executes npx commands to interact with the 'skills' CLI and the vendor-scoped '@codevoyant/agent-kit' for tasks including plan registration, notification, and project scaffolding.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it retrieves and processes content from untrusted external repositories and user-supplied URLs.
      • Ingestion points: workflows/explore.md (Agent B/C fetching GitHub/agentskill.sh content) and workflows/new.md/workflows/update.md (processing user-provided research URLs via the WebFetch tool).
      • Boundary markers: The researcher agent prompt (agents/skill-researcher.md) explicitly instructs the model to be 'completely faithful to the source' and 'not invent, infer, or explore beyond what is written'.
      • Capability inventory: The skill is capable of writing files to the local system, executing shell commands through npx, and spawning multiple subagents with specific model assignments (Opus/Sonnet/Haiku).
      • Sanitization: The workflow requires multiple AskUserQuestion confirmation steps, ensuring the user reviews and accepts the generated design plans before any permanent file changes or tool installations are performed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 01:36 AM