skill-researcher

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted community-authored skill content during its discovery and analysis phases, which constitutes an indirect prompt injection surface. This is mitigated by mandatory manual confirmation gates between phases. Ingestion points: Phase 3 of SKILL.md and retrieval tools documented in references/search-playbook.md. Boundary markers: Absent. Capability inventory: High capabilities including shell, network, and filesystem access specified in skill.json. Sanitization: Absent.
  • [COMMAND_EXECUTION]: The workflow utilizes shell commands including the gh CLI for repository searches and local python3 validation scripts for integrity checks.
  • [REMOTE_CODE_EXECUTION]: Utilizes npx to execute discovery tools, which involves fetching and running packages from the NPM registry at runtime.
  • [EXTERNAL_DOWNLOADS]: Fetches data from multiple community-curated GitHub repositories and known collections to build a research candidate set.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 07:11 AM