Skills
skills/niracler/skill/skill-reviewer/Gen Agent Trust Hub

skill-reviewer

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a dependency (writing-skills) from an untrusted third-party GitHub repository: https://github.com/obra/superpowers.
  • [COMMAND_EXECUTION]: The skill executes bundled shell and Python scripts (scripts/validate.sh and scripts/quick_validate.py) to automate structural checks on skill files.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads and analyzes content from other potentially untrusted skills.
  • Ingestion points: Reads SKILL.md and script files from the target skills being audited.
  • Boundary markers: Absent. The auditing instructions do not specify the use of delimiters or warnings to ignore instructions found within the audited content.
  • Capability inventory: The skill can execute local bash/python scripts and invoke other skills (writing-skills).
  • Sanitization: Absent. The validation logic checks metadata format and length but does not sanitize the instructional content of audited files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 04:17 PM