skills/getsentry/skills/skill-writer/Gen Agent Trust Hub

skill-writer

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill exhibits safe data handling practices. Its specification (SPEC.md) explicitly forbids the storage of secrets, credentials, tokens, or private customer data. It uses workspace-relative paths and does not perform any unauthorized data exfiltration or access to sensitive system files.
  • [COMMAND_EXECUTION]: The skill includes a Python script, scripts/quick_validate.py, and provides instructions for running it locally using uv run. This script performs safe, structural checks on skill files (such as YAML parsing and file existence checks) and does not involve any high-risk shell commands or remote execution.
  • [INDIRECT_PROMPT_INJECTION]: As a tool designed to synthesize information from external sources (such as documentation URLs), the skill possesses an inherent attack surface for indirect prompt injection.
      • Ingestion points: The skill retrieves content from external URLs and local workspace files as part of its synthesis workflow.
      • Boundary markers: No explicit boundary markers or "ignore instructions" delimiters are used when processing source content, though the workflow guide encourages high-signal source collection.
      • Capability inventory: The agent can write skill files, execute a local Python validator, and access the network to fetch documentation.
      • Sanitization: The skill relies on the agent's internal reasoning and structured templates rather than explicit input sanitization. This is a low-risk concern given the primary purpose of the skill as a content synthesizer for documentation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 06:20 PM