skills/j5ik2o/ai-tools/skill-forge/Gen Agent Trust Hub

skill-forge

Warn

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the subprocess module in scripts such as run_eval_claude.py and run_eval_codex.py to invoke local CLI tools with user-defined queries and skill content.
  • [EXTERNAL_DOWNLOADS]: The skill manages dependencies via uv and fetches the SheetJS library from a public CDN to support spreadsheet rendering in the evaluation viewer.
  • [PROMPT_INJECTION]: By processing and iterating on user-provided SKILL.md and evals.json files, the skill is exposed to indirect prompt injection where instructions within the skill-under-development could attempt to override the agent's behavior during testing or optimization.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 19, 2026, 07:33 AM