ai-skill-manager
Warn
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The shell script scripts/validate_all_skills.sh executes a Python validator located at a path determined by the SKILL_VALIDATOR environment variable or a default path in the user's home directory. This allows for the dynamic execution of scripts from computed paths.
- [PROMPT_INJECTION]: The skill acts as a management layer that ingests and processes other SKILL.md files, which constitutes a surface for indirect prompt injection.
  - Ingestion points: scripts/validate_all_skills.sh recursively finds and processes skill files within a specified repository root.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the script's processing logic.
  - Capability inventory: The skill executes filesystem operations and shell commands through its validation script.
  - Sanitization: The skill does not implement explicit sanitization of the content found within the processed SKILL.md files before passing them to the validator.
- [SAFE]: The skill's documentation includes a security review section that provides best practices for auditing skills, such as checking for hardcoded credentials and blocking dangerous command patterns.
- [SAFE]: No hardcoded secrets, remote code downloads from untrusted sources, or data exfiltration patterns were detected in the skill's own implementation.
Audit Metadata