skill-share

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is configured to perform file system operations, including generating directory structures, writing configuration files, and creating ZIP archives for distribution.
  • [DATA_EXFILTRATION]: The skill is designed to transmit skill metadata and direct file links to external Slack channels via integration tools. While this is the intended primary functionality, it involves intentional data movement to a third-party service.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests user-provided text to generate executable skill files (SKILL.md) and metadata.
    • Ingestion points: User-supplied skill names and descriptions provided during initialization.
    • Boundary markers: No delimiters or explicit safety instructions (e.g., 'ignore embedded commands') are defined in the template generation process.
    • Capability inventory: File system write access (creating scripts and instructions) and network operations (Slack notifications).
    • Sanitization: The instructions do not specify any validation, escaping, or sanitization of the user input before it is interpolated into generated files.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 20, 2026, 03:10 PM