skill-master

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [DYNAMIC_CONTEXT_INJECTION]: The skill documentation teaches the use of dynamic execution placeholders (e.g., !git status) to embed environment metadata into the prompt at load time. These are used for benign development purposes such as checking PR status or branch names.
  • [COMMAND_EXECUTION]: Facilitates the use of local scripts (e.g., Python) to automate deterministic tasks like data visualization or file scanning. This is a standard and intended mechanism for extending the agent's functionality within a skill's scope.
  • [PROMPT_INJECTION]: Features a 'Self-Optimization' capability where the agent can read its own source files and propose improvements. This self-referential behavior is documented as a maintenance feature and does not attempt to bypass safety constraints.
  • [DATA_EXPOSURE]: Interacts with standard development tools such as git and gh (GitHub CLI) to read repository information like diffs and logs, which is consistent with its primary role as a developer assistant tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 08:39 PM
Security Audit — agent-trust-hub — skill-master