Skills
skills/fatih-developer/fth-skills/skill-comparator/Gen Agent Trust Hub

skill-comparator

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to use local tools such as git clone and the GitHub CLI (gh api) to fetch repository content when web fetching is unavailable. (File: SKILL.md)
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from external domains including skills.sh and github.com to acquire skill definitions for analysis. (File: SKILL.md)
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted markdown instructions from external sources during its analysis phase. Ingestion points: External SKILL.md files retrieved via web_fetch, git clone, or gh api. Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to isolate external content. Capability inventory: The agent can perform network requests, execute shell commands (git/gh), and write files to the docs/skill-report/ directory. Sanitization: No explicit sanitization or filtering of the fetched content is defined before processing. (File: SKILL.md)
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 08:58 PM
Security Audit — agent-trust-hub — skill-comparator