skill-auditor
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is a legitimate development tool for repository maintenance with restricted read-only capabilities.
- [COMMAND_EXECUTION]: Employs
Bashfor benign, read-only operations such aswc -lfor line counting andlsfor verifying the existence of sibling markdown files. These actions are aligned with the skill's primary purpose of auditing file structure and size. - [DATA_EXFILTRATION]: Reads local repository files located in the
skills/directory to perform consistency checks. The skill does not have network access (no network tools inallowed-tools) and focuses entirely on local analysis. - [PROMPT_INJECTION]: The skill processes untrusted content from audited repository files, creating a theoretical attack surface for indirect prompt injection.
- Ingestion points: File content and paths from
skills/**/SKILL.md(viaGlob,Grep, andRead). - Boundary markers: None explicitly mentioned to separate audited content from instructions.
- Capability inventory: Limited to
Read,Glob,Grep, and restrictedBash(ls,wc). It lacks file-writing or network capabilities. - Sanitization: The skill performs textual analysis (regex-based extraction) and does not execute or interpret the content of the files it audits, significantly mitigating the risk.
Audit Metadata