skill-manager
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a guide for building agent capabilities, focusing on procedural instructions and structural organization. It includes recommendations for using the `allowed-tools` metadata field to restrict tool access for security purposes.
- [COMMAND_EXECUTION]: Contains instructional examples for standard file system commands (mkdir, touch, rm, chmod) intended for local environment management of skill files.
- [EXTERNAL_DOWNLOADS]: References common package managers (e.g., pip) in templates to illustrate how to handle dependencies for custom-built skills.
- [SAFE]: Evaluation of Category 8 (Indirect Prompt Injection) surfaces: The skill documentation describes an attack surface where it processes user-provided skill definitions.
  - Ingestion points: User-provided requests for skill creation and existing SKILL.md files.
  - Boundary markers: Not explicitly defined in instructions, though YAML frontmatter provides structure.
  - Capability inventory: File system operations (mkdir, touch, rm, chmod) and package management (pip) instructions.
  - Sanitization: None described; the skill relies on the agent's inherent safety filters and the use of the `allowed-tools` restriction field.
Audit Metadata