Skills
skills/dtyq/magic/skill-vetter/Gen Agent Trust Hub

skill-vetter

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download and preview of external code from GitHub, skillhub, and platform markets into a dedicated temporary directory (/tmp/skillhub-preview/) for the purpose of security evaluation.
  • [COMMAND_EXECUTION]: The skill utilizes shell_exec to perform necessary inspection tasks, including using find to list files, cat to read their contents, and rm for cleaning up the preview environment. It also uses the skillhub CLI tool to manage skill previews.
  • [PROMPT_INJECTION]: The vetting protocol in SKILL.md contains an indirect prompt injection surface as it requires the agent to read and evaluate untrusted code from external skills.
  • Ingestion points: Untrusted data from the skills being vetted is ingested into the agent context via the output of cat commands (instructed in SKILL.md).
  • Boundary markers: The protocol in SKILL.md does not specify boundary markers or delimiters to isolate untrusted content from the agent's core instructions.
  • Capability inventory: The agent maintains shell_exec capabilities (instructed in SKILL.md) while processing the potentially malicious ingested data.
  • Sanitization: No explicit sanitization or escaping of the ingested code content is defined in the SKILL.md protocol.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 10:51 PM