skill-check

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill operates as a passive, read-only linter using the Read and Glob tools to analyze other skill files. It does not perform network operations or unauthorized file modifications.
  • [PROMPT_INJECTION]: Static analysis detections in marketplace-checks.md are false positives; the file contains examples of injection patterns (e.g., "ignore previous instructions") as part of a security audit checklist for users to check other skills.
  • [REMOTE_CODE_EXECUTION]: Repository documentation for the third-party "Beads" issue tracking system (.beads/README.md) contains a standard installation command using curl | bash. This is a documentation item for developers and is not invoked by the skill itself.
  • [COMMAND_EXECUTION]: Project maintenance instructions in AGENTS.md direct contributing agents to use development tools like git and bd (Beads) for task synchronization and version control.
  • [EXTERNAL_DOWNLOADS]: Reference documentation for the optional Go-based CLI tool (skill-check/references/cli.md) includes instructions for downloading the binary via go install.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 09:22 AM
Security Audit — agent-trust-hub — skill-check