community-project-publish
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill handles user-contributed projects from a community repository, which presents a surface for indirect prompt injection.\n
- Ingestion points: Project files are downloaded from the community GitHub repository in
exports.pyduring thefork_projectoperation.\n - Boundary markers: The skill does not currently implement boundary markers or instructions to ignore embedded commands when processing or displaying downloaded project content.\n
- Capability inventory: The skill has the ability to write to the file system, make network requests to the community gateway, and generate shell commands for users to execute via the
lib/install.pyhandlers.\n - Sanitization: Although
lib/validate.pyperforms secret scanning and integrity checks, it does not specifically filter or sanitize project files for malicious natural language instructions designed to influence the agent's behavior.\n- [SAFE]: The skill demonstrates several security-conscious design choices:\n - Credential Safety: It includes a pre-publish validation step in
lib/validate.pythat scans for sensitive patterns (e.g., API keys, private keys) to prevent accidental data exposure.\n - Human-in-the-Loop: The instructions in
SKILL.mdexplicitly require the agent to seek user confirmation and show diffs before publishing projects or running setup commands.\n - Trusted Infrastructure: Communication is restricted to the vendor's community gateway and official GitHub repositories.
Audit Metadata