skill-portability

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled local script scripts/providers.mjs using the Node.js runtime. This script acts as the single source of truth for provider metadata and configuration.
  • [EXTERNAL_DOWNLOADS]: Includes a feature to check documentation URL availability via HTTP HEAD requests. All target domains (anthropic.com, cursor.com, openai.com, agentskills.io) represent well-known technology organizations and trusted documentation services.
  • [PROMPT_INJECTION]: Presents an indirect prompt injection surface as it ingests and processes untrusted skill content provided by the user for auditing. The risk is managed through several layers of defense:
  • Ingestion points: Reads external skill files (SKILL.md, .mdc, AGENTS.md) or pasted prompt text.
  • Boundary markers: Audited content is enclosed within triple-dash (---) delimiters in the subagent prompt template to prevent instruction confusion.
  • Capability inventory: The skill uses node for local logic, Read for snapshots, Write for report generation, and Agent for parallelized sub-tasks.
  • Sanitization: The subagent instructions explicitly command the agent to prioritize bundled local snapshots over any potentially malicious instructions found within the audited content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 06:27 PM
Security Audit — agent-trust-hub — skill-portability