Skills
skills/shipshitdev/library/skill-validator/Gen Agent Trust Hub

skill-validator

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands including bunx markdownlint-cli and a local synchronization script ./scripts/validate-skill-sync.sh to perform file validation tasks.\n- [EXTERNAL_DOWNLOADS]: The skill utilizes the bunx package runner to execute markdownlint-cli, which may involve downloading the package from the public npm registry (a well-known service).\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and validate the contents of other SKILL.md and reference markdown files.\n
  • Ingestion points: Reads contents from SKILL.md and references/*.md files within the workspace.\n
  • Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded commands within the files being validated.\n
  • Capability inventory: The agent possesses the capability to execute shell commands and run local scripts while performing these validations.\n
  • Sanitization: Absent; the skill does not specify any sanitization, filtering, or escaping logic for the content of the files before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 07:31 AM