skill-auditor

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a legitimate development tool for repository maintenance with restricted read-only capabilities.
  • [COMMAND_EXECUTION]: Employs Bash for benign, read-only operations such as wc -l for line counting and ls for verifying the existence of sibling markdown files. These actions are aligned with the skill's primary purpose of auditing file structure and size.
  • [DATA_EXFILTRATION]: Reads local repository files located in the skills/ directory to perform consistency checks. The skill does not have network access (no network tools in allowed-tools) and focuses entirely on local analysis.
  • [PROMPT_INJECTION]: The skill processes untrusted content from audited repository files, creating a theoretical attack surface for indirect prompt injection.
  • Ingestion points: File content and paths from skills/**/SKILL.md (via Glob, Grep, and Read).
  • Boundary markers: None explicitly mentioned to separate audited content from instructions.
  • Capability inventory: Limited to Read, Glob, Grep, and restricted Bash (ls, wc). It lacks file-writing or network capabilities.
  • Sanitization: The skill performs textual analysis (regex-based extraction) and does not execute or interpret the content of the files it audits, significantly mitigating the risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 05:18 PM
Security Audit — agent-trust-hub — skill-auditor