skills/ivcota/skills/distill-to-skill/Gen Agent Trust Hub

distill-to-skill

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses WebSearch and WebFetch to retrieve content from arbitrary external URLs provided by the user or identified during research phases. This content is used as the primary source for skill generation.
  • [COMMAND_EXECUTION]: The skill employs the Agent tool to spawn multiple sub-processes concurrently for data extraction tasks. It also performs file system operations to move generated files from a staging directory to permanent installation paths like ~/.claude/skills/ or ~/.agents/skills/.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of untrusted external data (PDFs, articles, and transcripts). A malicious source could contain hidden instructions designed to bypass the skill's template constraints or to embed malicious behavior into the resulting agent skill.
      • Ingestion points: Uses the Read tool for local files (e.g., PDFs, epubs) and WebFetch for remote URLs.
      • Boundary markers: Implements strict output templates and citation rules requiring every claim to be grounded in a verifiable source quote.
      • Capability inventory: Uses the Agent tool for sub-task delegation and possesses file-write capabilities to hidden user directories.
      • Sanitization: While it mandates citation-based grounding, the skill does not explicitly mention sanitization or escaping of the raw source text before it is processed by sub-agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 12:53 AM