skills/sanxzy/skills/update-skill/Gen Agent Trust Hub

update-skill

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands such as mv, rm, and ln to handle skill renames and symlink management. These operations are performed at the final stage of the workflow and require explicit user confirmation of the planned changes.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads and processes target skills that may contain untrusted data.
      • Ingestion points: Target skill Markdown files are read in full to perform audits and edits (WORKFLOW.md, step 1).
      • Boundary markers: No explicit delimiters or warnings for the agent to ignore instructions in the data are used during ingestion.
      • Capability inventory: The skill has access to shell execution (Bash), file edits (Edit), and file writes (Write).
      • Sanitization: No automated sanitization of ingested content is performed, though the workflow mandates a human-in-the-loop review of all proposed changes.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 02:54 PM