yao-interpreter-skill

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The examples/risky_skill/ directory contains sample files designed to test the analyzer's detection capabilities. These files include common injection phrases like 'Ignore previous instructions' and 'do not tell the user what happens.' Analysis confirms these are static test fixtures used for internal validation and are never treated as authoritative instructions for the agent.
  • [COMMAND_EXECUTION]: The skill includes a testing script, scripts/smoke_test.py, which uses subprocess.run to execute the skill's own analysis engine on sample directories. This usage is restricted to automated testing of the skill's core functionality.
  • [DATA_EXFILTRATION]: Malicious code patterns, such as commands attempting to exfiltrate API keys via curl, are found within the examples/risky_skill/scripts/ directory. These are intentionally included as 'Red Team' data fixtures to verify that the scanner correctly identifies and reports such threats in target skills.
  • [EXTERNAL_DOWNLOADS]: The skill's analysis logic and documentation reference public repositories under the author's organization (e.g., github.com/yaojingang/) for version checking and as example targets. These references follow standard vendor patterns and involve well-known developer services.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 03:29 AM
Security Audit — agent-trust-hub — yao-interpreter-skill