Skills
skills/endorlabs/skills-ideas/endor-score/Gen Agent Trust Hub

endor-score

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes the endorctl CLI tool to retrieve package health metrics from the Endor Labs API.
  • [EXTERNAL_DOWNLOADS]: Uses npx to download and run the endorctl package, which is an official tool provided by the author, Endor Labs.
  • [PROMPT_INJECTION]: Identifies an indirect prompt injection surface where user-provided package names and versions are interpolated into shell commands. 1. Ingestion points: User-provided package names and versions in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Shell execution via npx and MCP tool calls. 4. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 04:26 AM