Skills
skills/luongnv89/skills/brand-name-checker/Gen Agent Trust Hub

brand-name-checker

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill retrieves availability data from well-known official services such as npm (registry.npmjs.org), PyPI (pypi.org), Homebrew (brew.sh), and international trademark databases (WIPO, EUIPO, INPI). These downloads are restricted to technical and legal metadata and involve no code execution.\n- [COMMAND_EXECUTION]: Static Git templates are provided in references/repo-sync.md to facilitate repository maintenance tasks such as fetching, pulling, and stashing. These operations are common in development agents and do not present an elevated security risk.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external content from registries and social platforms. \n
  • Ingestion points: SKILL.md and agent scripts (agents/registry-checker.md, agents/social-checker.md) fetch external data via WebFetch and WebSearch.\n
  • Boundary markers: None explicitly defined for untrusted input.\n
  • Capability inventory: Git command execution in references/repo-sync.md.\n
  • Sanitization: None described for external content. \n As the ingestion of this data is fundamental to the skill's primary research purpose, this surface is considered a standard functional characteristic.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 05:07 PM
Security Audit — agent-trust-hub — brand-name-checker