Skills
skills/uinaf/skills/skill-audit/Gen Agent Trust Hub

skill-audit

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's workflow involves executing shell commands, specifically npx tessl and potential repository scripts such as ./scripts/review-skills.sh. These are used to run automated quality checks on target skills.
  • [EXTERNAL_DOWNLOADS]: The skill relies on npx to download and run the tessl package from the npm registry at runtime. This execution of remote code is central to the skill's functionality but represents a dependency on an external registry.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection (Category 8) risks because it ingests and analyzes external data (other skill files) and has the power to execute commands. A malicious skill being audited could contain instructions meant to hijack the agent's logic during the audit.
  • Ingestion points: Reads SKILL.md, references/, and scripts/ from targeted skill directories.
  • Boundary markers: Absent; the instructions do not define delimiters or specific 'ignore' rules to ensure audited content is treated strictly as data.
  • Capability inventory: Possesses shell execution capabilities via npx and local script execution.
  • Sanitization: There is no indication that the skill sanitizes the content of the files it reads or validates the target skill paths before passing them to the shell.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 10:00 AM