Skills
skills/jubscodes/get-shit-pretty/gsp-runtime-compat/Gen Agent Trust Hub

gsp-runtime-compat

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection because it retrieves and processes unstructured data from external websites to research runtime documentation.
  • Ingestion points: Processes data from multiple documentation URLs using WebFetch and WebSearch as defined in the SKILL.md process.
  • Boundary markers: Lacks delimiters or instructions to ignore potential commands embedded in the fetched documentation content.
  • Capability inventory: Accesses tools including Bash, Read, Glob, and Grep, creating an execution surface if malicious instructions are ingested.
  • Sanitization: Fetched documentation is parsed and summarized without validation or sanitization of its content.
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation from several well-known technology domains including Anthropic's Claude documentation, OpenCode, Gemini CLI, and OpenAI's Codex documentation to maintain format compatibility.
  • [COMMAND_EXECUTION]: Employs Bash to execute grep searches within the project's bin/install.js file. These commands are restricted to auditing specific function signatures within the local repository.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 07:13 PM