skill-security-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary functionality is delivered through a Python script (
scripts/check_ascii.py). The documentation instructs the agent to execute this script using a subprocess call to analyze target files. - [SAFE]: The skill's code was reviewed for malicious intent. The patterns detected (such as search strings for prompt injection or dangerous commands) are used exclusively for auditing purposes and are not executed by the script itself.
- The script uses standard libraries (
os,sys,re,string) and performs no network operations. - It identifies risks like hardcoded IPs and suspicious TLDs (e.g.,
.ru,.tk) without attempting to connect to them. - [EXTERNAL_DOWNLOADS]: The documentation mentions installation via
skills.sh, which is a well-known service for managing AI agent skills. This is a reference for user installation and does not involve runtime downloads by the skill code itself.
Audit Metadata