Skills
skills/daymade/claude-code-skills/marketplace-health-check/Gen Agent Trust Hub

marketplace-health-check

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands and vendor-provided scripts to audit the repository environment.
  • Evidence: Uses standard tools such as gh, grep, find, jq, and git for repository analysis in SKILL.md and scripts/repo-health-check.workflow.js.
  • Evidence: Executes maintenance scripts located within the vendor's directory, specifically daymade-claude-code/marketplace-dev/scripts/check_marketplace.sh and check_doc_skill_lists.py.- [PROMPT_INJECTION]: The skill processes potentially untrusted content from GitHub Pull Requests and Issues, creating a surface for indirect injection.
  • Ingestion points: Fetches data via gh pr list, gh issue list, gh pr view, and gh issue view in scripts/repo-health-check.workflow.js.
  • Boundary markers: Agents are constrained by dimension-specific prompts and a strict JSON schema (CHECK_SCHEMA) for their output.
  • Capability inventory: The agents have access to shell utilities (grep, find) and the repository's files.
  • Sanitization: The skill incorporates a robust "Counter-Review" methodology as described in SKILL.md and references/health-check-methodology.md, requiring the agent to independently verify and validate findings before reporting them to the user to prevent the relaying of noise or malicious instructions embedded in the analyzed data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 10:38 AM
Security Audit — agent-trust-hub — marketplace-health-check