Skills
skills/dmmulroy/.dotfiles/sync-pocock-skills/Gen Agent Trust Hub

sync-pocock-skills

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from the public repository https://github.com/mattpocock/skills.git using git clone in scripts/sync.sh.
  • [COMMAND_EXECUTION]: The skill utilizes several powerful shell commands to manage files:
  • rsync -a --delete is used in scripts/apply-upstream.sh to synchronize directories, which includes deleting local files not found in the source.
  • patch is used to apply local modifications to the downloaded content.
  • git clone is used for remote data ingestion.
  • [PROMPT_INJECTION]: The skill presents an 'Indirect Prompt Injection' surface by importing third-party instructions into the agent's execution environment.
  • Ingestion points: scripts/sync.sh clones the external repository into a local directory.
  • Boundary markers: No explicit boundary markers or 'ignore' instructions are applied to the downloaded content.
  • Capability inventory: The skill has the ability to write to and delete from the agent's local skills directory ($HOME/.pi/agent/skills) via rsync and patch operations.
  • Sanitization: The skill performs pattern matching to ensure compatibility (e.g., replacing 'Claude Code' references), but does not perform security-focused sanitization of the downloaded instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 07:56 AM
Security Audit — agent-trust-hub — sync-pocock-skills