skillify
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands (`ls -la`) to list files in the `summaries/` and `transcripts/` directories, allowing it to discover and access local file structures.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection.
  - Ingestion points: Untrusted content is read from local markdown and text files in `SKILL.md`.
  - Boundary markers: There are no delimiters or 'ignore' instructions protecting the agent when it processes this data.
  - Capability inventory: The skill performs file listing (`ls`), file creation/writing (`SKILL.md`), and web searches.
  - Sanitization: Input content is used directly to generate new skill instructions without sanitization, potentially allowing malicious content to be persisted in the agent's skill library.
- [DATA_EXFILTRATION]: The skill reads local file content and automatically generates web search queries. This behavior could lead to the exposure of sensitive information found in transcripts or summaries to external search engines during the automated research process.
Audit Metadata