publish-the-skill

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute several shell commands locally, including git, gh (GitHub CLI), and zip to package the skill and manage the repository.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it extracts values like name and description from a local SKILL.md file and interpolates them directly into shell commands and GitHub Action workflows. If these fields contain shell metacharacters or malicious scripts, they could be executed during the packaging or release process.
  • Ingestion points: SKILL.md (frontmatter fields: name, description).
  • Boundary markers: None present; values are directly assigned to variables and used in heredocs/templates.
  • Capability inventory: Subprocess calls for zip, git, and gh in SKILL.md.
  • Sanitization: No sanitization or validation of extracted metadata is performed before interpolation into commands.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 03:31 PM