improving-skills
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data in the form of third-party skill files (SKILL.md) and agent instruction files (AGENTS.md, CLAUDE.md). This creates an indirect prompt injection surface where a malicious skill being audited could attempt to influence the auditing agent's behavior.
- Ingestion points: Processes content from SKILL.md, AGENTS.md, CLAUDE.md, and other referenced files within a skill directory.
- Boundary markers: Instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when reading audited files.
- Capability inventory: The workflow involves running validation tools (
skills-ref), performing file system inventory, and potentially creating symlinks using system commands (mklinkoros.symlink). - Sanitization: No sanitization or filtering of the audited content is mentioned before the agent processes it.
- [EXTERNAL_DOWNLOADS]: The skill references an external validation tool (
skills-ref) located in theagentskillsrepository on GitHub. This is documented as a reference implementation for specification compliance. - [COMMAND_EXECUTION]: The skill documents standard developer workflows for cross-platform compatibility, including the use of directory junctions or symlinks (
mklink /Jon Windows oros.symlinkon POSIX systems).
Audit Metadata