Skills
skills/foryourhealth111-pixel/vibe-skills/skill-lookup/Gen Agent Trust Hub

skill-lookup

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill is designed to fetch external content, including scripts (Python, shell) and configuration files, from the prompts.chat MCP server.
  • [COMMAND_EXECUTION]: The instructions direct the agent to perform file system operations, such as creating directories and writing files to .claude/skills/ on the local machine.
  • [PROMPT_INJECTION]: The skill processes untrusted external data, creating a surface for indirect prompt injection.
  • Ingestion points: Data returned by the search_skills and get_skill MCP tools (SKILL.md, metadata, and script contents).
  • Boundary markers: Absent; there are no instructions to delimit fetched data or ignore embedded instructions within the downloaded skills.
  • Capability inventory: File system write access and directory creation are used to store the retrieved content.
  • Sanitization: Absent; the skill does not specify any validation, escaping, or filtering of the content retrieved from the marketplace.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 02:49 PM