Skills
skills/kidow/skills/step-by-step/Gen Agent Trust Hub

step-by-step

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill suggests the optional installation of the visualstorming tool from the author's namespace if visual aids are required during the planning process.
  • [COMMAND_EXECUTION]: The instructions contain a shell command (npx skills@latest add kidow/skills/visualstorming) that the agent is instructed to present to the user for manual extension of the skill set.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by instructing the agent to explore and incorporate content from the user's codebase.
  • Ingestion points: exploration of local codebase files (SKILL.md).
  • Boundary markers: absent.
  • Capability inventory: codebase reading and user-directed shell command suggestions (SKILL.md).
  • Sanitization: absent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 02:12 AM
Security Audit — agent-trust-hub — step-by-step