skill-scout
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves data from third-party sources including GitHub repositories, package registries (NPM/PyPI), and general web search results to identify candidate skills or code snippets.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing untrusted content from external sources to rank and recommend candidate implementations.
- Ingestion points: Untrusted content is ingested from GitHub READMEs, package manifests, and web search results during the 'Search External Sources' phase defined in
SKILL.md. - Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when analyzing retrieved external text.
- Capability inventory: The scouting process is read-only; however, the skill can prompt the user to install external code or delegate tasks to the
skill-creatortool. - Sanitization: No sanitization or validation of the retrieved external content is performed before the agent processes and summarizes it.
Audit Metadata