skills/tw93/claude-health/learn/Gen Agent Trust Hub

learn

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill retrieves research materials from external websites and repositories using standard tools like curl or WebFetch. This is the primary functionality intended to support the research workflow.
  • [COMMAND_EXECUTION]: Shell commands such as curl are utilized in the 'Collect' phase to download content when specialized reading plugins are not available.
  • [PROMPT_INJECTION]: As the skill ingests and processes untrusted data from the web (papers, blogs, repositories), it is theoretically susceptible to indirect prompt injection. The skill mitigates this by instructing the agent to cross-verify claims across multiple sources and build independent mental models rather than summarizing content blindly.
  • Ingestion points: Phase 1 fetches content from arbitrary external URLs.
  • Boundary markers: No specific delimiters are used to wrap the fetched external content.
  • Capability inventory: The skill has the ability to write files to the ~/Downloads directory and perform network read operations.
  • Sanitization: There are no explicit sanitization or filtering steps mentioned for the fetched content before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 02:54 AM
Security Audit — agent-trust-hub — learn