Skills
skills/sfrangulov/skill-graveyard/skill-graveyard/Gen Agent Trust Hub

skill-graveyard

Warn

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use npx skill-graveyard@latest, which downloads a package from the public npm registry at runtime.
  • [REMOTE_CODE_EXECUTION]: By utilizing npx, the skill executes external code that is not bundled with the skill itself, introducing a risk of executing malicious or compromised packages.
  • [COMMAND_EXECUTION]: The prune --apply subcommand provides the agent with a mechanism to execute shell commands locally to remove files or skills.
  • [DATA_EXFILTRATION]: The skill accesses ~/.claude session logs, which contain potentially sensitive conversation histories. While the frontmatter claims 'No network calls', the outdated subcommand documentation explicitly mentions network usage, creating a potential vector for exfiltrating the contents of the logs.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8):
  • Ingestion points: Reads conversation history from ~/.claude session JSONL logs (SKILL.md).
  • Boundary markers: None specified for the log ingestion.
  • Capability inventory: Execution of shell commands via npx and prune (SKILL.md).
  • Sanitization: No mention of sanitizing or escaping the log content before processing it for 'suggestions'.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 7, 2026, 06:26 AM