skill-vetter
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill acts as a security utility for AI agents.\n- [EXTERNAL_DOWNLOADS]: The skill includes instructions to fetch repository information and skill files from GitHub via official API and content delivery domains (api.github.com and raw.githubusercontent.com). These are well-known services, and the data is retrieved for auditing purposes.\n- [COMMAND_EXECUTION]: Provides command templates for curl and jq to inspect external skill metadata. These operations are limited to data retrieval and parsing and do not involve executing untrusted code.\n- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted skill content from external sources. \n
- Ingestion points: SKILL.md fetches data from external URLs in the 'Quick Vet Commands' section.\n
- Boundary markers: Absent; the skill does not provide specific delimiters or ignore-instructions for the content it reviews.\n
- Capability inventory: Uses curl and jq for network and data processing.\n
- Sanitization: Absent; the protocol relies on the agent's internal analysis and human review for high-risk findings rather than technical sanitization.
Audit Metadata