skill-authoring
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation in `generating-from-docs.md` recommends installing the `agent-skills-generator` utility from a personal Homebrew tap (`rodydavis/tap`). This source is not a verified vendor or official organization, posing a supply chain risk.
- [COMMAND_EXECUTION]: The `platform-guide.md` reference file documents and demonstrates the use of the `!backtick` syntax (e.g., !`git status`), which enables shell command execution at the moment a skill is loaded. This feature can be used for silent command execution without user interaction if a skill's content is modified maliciously.
- [COMMAND_EXECUTION]: The `generating-from-docs.md` file contains bash scripts for creating temporary directories and executing external commands (`mktemp`, `cd`, `rm -rf`, `agent-skills-generator`). These provide an execution surface that an agent might trigger automatically.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from documentation websites (`generating-from-docs.md`) and session history (`extracting-from-sessions.md`) to create new instructions. The process lacks mandatory boundary markers or explicit sanitization steps, creating a surface for indirect prompt injection where malicious content in source docs could influence the generated skill's behavior.
Audit Metadata