
skill-selector

Audit result: Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of remote agent skills from GitHub repositories. The catalog in references/catalog.md points to repositories under the author's namespace (mizchi) and other well-known technology organizations such as moonbitlang and ast-grep.
  • [COMMAND_EXECUTION]: Instructs the agent to execute the apm command-line tool (e.g., apm install, apm view) to manage project and global skills. This is the primary function of the skill and is triggered based on project analysis.
  • [PROMPT_INJECTION]: Contains an indirect prompt injection surface (Category 8) as it reads untrusted external data from project files (e.g., package.json, moon.mod.json, flake.nix) to drive logic for skill proposals.
  • Ingestion points: Signal detection logic in SKILL.md reads project manifests like package.json, moon.mod.json, gleam.toml, flake.nix, and .github/workflows/.
  • Boundary markers: Absent; instructions do not specify the use of delimiters or 'ignore' instructions when reading these manifest files.
  • Capability inventory: The skill has the capability to execute apm install, apm view, and perform file-write operations to apm.yml and apm.lock.yaml as documented in SKILL.md.
  • Sanitization: Absent; the skill relies on simple key/signal detection without explicit validation of the content within the manifest files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 07:06 PM
Security Audit — agent-trust-hub — skill-selector