improving-skills

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data in the form of third-party skill files (SKILL.md) and agent instruction files (AGENTS.md, CLAUDE.md). This creates an indirect prompt injection surface where a malicious skill being audited could attempt to influence the auditing agent's behavior.
  • Ingestion points: Processes content from SKILL.md, AGENTS.md, CLAUDE.md, and other referenced files within a skill directory.
  • Boundary markers: Instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when reading audited files.
  • Capability inventory: The workflow involves running validation tools (skills-ref), performing file system inventory, and potentially creating symlinks using system commands (mklink or os.symlink).
  • Sanitization: No sanitization or filtering of the audited content is mentioned before the agent processes it.
  • [EXTERNAL_DOWNLOADS]: The skill references an external validation tool (skills-ref) located in the agentskills repository on GitHub. This is documented as a reference implementation for specification compliance.
  • [COMMAND_EXECUTION]: The skill documents standard developer workflows for cross-platform compatibility, including the use of directory junctions or symlinks (mklink /J on Windows or os.symlink on POSIX systems).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 05:37 PM
Security Audit — agent-trust-hub — improving-skills