skillify
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the 'gbrain' CLI and 'bun' test runner. Examples include 'gbrain check-resolvable', 'gbrain skillify scaffold', and 'bun test'. These commands are used to automate the validation and creation of skill infrastructure.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface (Category 8). It ingests untrusted data in the form of raw features and scripts to generate 'SKILL.md' files and test cases.
- Ingestion points: Target feature names, descriptions, and implementation file paths provided via CLI arguments or user input during the 'skillify' process.
- Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the processed scripts.
- Capability inventory: The skill uses 'search' and 'list_pages' tools and has the capability to write new files (scaffolding) and execute them via test runners.
- Sanitization: No evidence of sanitization or escaping of the user-provided content before it is interpolated into new skill files or test suites.
Audit Metadata