Skills
skills/yigitkonur/skills-by-yigitkonur/synthesize-skills/Gen Agent Trust Hub

synthesize-skills

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses scripts/skill-dl to download external repositories from GitHub using git clone --depth 1. This is a core part of its research functionality.
  • [REMOTE_CODE_EXECUTION]: The scripts/skill-dl script executes npx -y skills@latest find, which downloads and runs the latest version of the skills package from the npm registry during the search phase.
  • [COMMAND_EXECUTION]: The skill utilizes several standard shell utilities including git, curl, find, grep, and sed to perform its discovery and file management tasks. These operations are restricted to the local research corpus and are transparently documented in the scripts.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill supports the use of a SERPER_API_KEY for searching via Google's Serper API. This secret is provided by the user and is used strictly for search queries directed to google.serper.dev as part of the intended search functionality.
  • [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to ingest untrusted data from external skill repositories. While this creates a surface for indirect prompt injection, the skill includes detailed references (e.g., references/research/source-verification.md) that guide the agent in triaging and verifying sources for quality and security anti-patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 03:49 PM