skill-install
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches content from the author's GitHub repository (https://github.com/Fellowship-dev/dogfooded-skills) using Git. This is the primary function of the skill and involves resources associated with the vendor.
- [COMMAND_EXECUTION]: The skill utilizes shell commands such as `git clone`, `cp`, `ls`, `grep`, and `diff`. These tools are used to manage the local installation, check for existing files, and verify the integrity of the setup.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it downloads instructions (SKILL.md files) from a remote repository and integrates them into the agent's environment. While this is the intended behavior of an installer, it bypasses static analysis of the installed components at the time of installation.
  - Ingestion points: Remote content is cloned from `dogfooded-skills/skills/` into the local project's `.claude/skills/` directory via `cp -r`.
  - Boundary markers: No specific boundary markers or 'ignore' instructions are added when the new skill content is integrated into the project's instruction set.
  - Capability inventory: The skill uses `Bash` and `Write` capabilities to modify the local project, specifically editing the `CLAUDE.md` file and creating new skill directories.
  - Sanitization: The content from the remote repository is not sanitized or validated before being copied into the project's skill directory.
Audit Metadata