team-skill-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill automates tasks by running local scripts including
scripts/init_skill.py,scripts/package_skill.py, andscripts/publish.shwithin the agent environment. - [COMMAND_EXECUTION]: The workflow explicitly instructs the agent to 'Test any scripts by running them' during the creation phase, which involves executing code generated from user requirements or imported from external sources.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the ingestion and packaging of skill content directly from user-provided GitHub repositories.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection via user-supplied requirements or external repositories.
- Ingestion points: User input for skill purpose and triggers, and user-provided GitHub repositories (SKILL.md).
- Boundary markers: None specified in the instructions to separate user content from agent logic.
- Capability inventory: Capability to run initialization, packaging, and publishing scripts, as well as arbitrary execution of scripts being tested in the 'Create the Skill' step (SKILL.md).
- Sanitization: No validation or sanitization of user-provided content or external repository code is mentioned before execution or packaging.
Audit Metadata