skill-check
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates as a passive, read-only linter using the
ReadandGlobtools to analyze other skill files. It does not perform network operations or unauthorized file modifications. - [PROMPT_INJECTION]: Static analysis detections in
marketplace-checks.mdare false positives; the file contains examples of injection patterns (e.g., "ignore previous instructions") as part of a security audit checklist for users to check other skills. - [REMOTE_CODE_EXECUTION]: Repository documentation for the third-party "Beads" issue tracking system (
.beads/README.md) contains a standard installation command usingcurl | bash. This is a documentation item for developers and is not invoked by the skill itself. - [COMMAND_EXECUTION]: Project maintenance instructions in
AGENTS.mddirect contributing agents to use development tools likegitandbd(Beads) for task synchronization and version control. - [EXTERNAL_DOWNLOADS]: Reference documentation for the optional Go-based CLI tool (
skill-check/references/cli.md) includes instructions for downloading the binary viago install.
Audit Metadata