Skills
skills/switch-dimension/molten-os-core/molten-skill-manage/Gen Agent Trust Hub

molten-skill-manage

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx skills to download and execute the CLI tool from the npm registry. It also fetches agent skill packages from GitHub repositories, specifically referencing the author's own repository switch-dimension/molten-os-core.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of shell commands through the npx skills CLI to perform lifecycle management tasks such as add, update, remove, ls, and init. These commands are used to modify the local agent environment and file system.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data from multiple sources.
  • Ingestion points: Data enters the context through npx skills ls and npx skills find output, as well as the content of external GitHub repositories during installation (SKILL.md).
  • Boundary markers: No explicit boundary markers or 'ignore' instructions are used when displaying or processing results from the CLI or external repositories.
  • Capability inventory: The skill has the capability to execute arbitrary shell commands via npx (SKILL.md).
  • Sanitization: There is no evidence of sanitization or validation of the content retrieved from external skill packages or search results.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 02:48 PM
Security Audit — agent-trust-hub — molten-skill-manage