Skills
skills/ppsteven/skills/my-skill/Gen Agent Trust Hub

my-skill

Warn

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute potentially dangerous shell commands, including rm -rf for recursive directory deletion and ln -s to create symbolic links in application-specific configuration folders (e.g., ~/.claude/skills/, ~/.cline/skills/).
  • [EXTERNAL_DOWNLOADS]: The research workflow retrieves skill packages from external sources using clawhub get and npx skills to perform technical evaluations.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by ingesting and parsing SKILL.md files from external repositories. Malicious content within these files could manipulate the agent's analysis or influence downstream tool calls.
  • [DATA_EXFILTRATION]: The deployment workflow includes git push commands that synchronize local skill implementations with remote repositories, which involves transmitting local code and metadata externally.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 26, 2026, 07:04 PM