team-skill-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill automates tasks by running local scripts including scripts/init_skill.py, scripts/package_skill.py, and scripts/publish.sh within the agent environment.
  • [COMMAND_EXECUTION]: The workflow explicitly instructs the agent to 'Test any scripts by running them' during the creation phase, which involves executing code generated from user requirements or imported from external sources.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the ingestion and packaging of skill content directly from user-provided GitHub repositories.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection via user-supplied requirements or external repositories.
  • Ingestion points: User input for skill purpose and triggers, and user-provided GitHub repositories (SKILL.md).
  • Boundary markers: None specified in the instructions to separate user content from agent logic.
  • Capability inventory: Capability to run initialization, packaging, and publishing scripts, as well as arbitrary execution of scripts being tested in the 'Create the Skill' step (SKILL.md).
  • Sanitization: No validation or sanitization of user-provided content or external repository code is mentioned before execution or packaging.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 05:39 PM
Security Audit — agent-trust-hub — team-skill-workflow