skill-portability
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled local script
scripts/providers.mjsusing the Node.js runtime. This script acts as the single source of truth for provider metadata and configuration. - [EXTERNAL_DOWNLOADS]: Includes a feature to check documentation URL availability via HTTP HEAD requests. All target domains (anthropic.com, cursor.com, openai.com, agentskills.io) represent well-known technology organizations and trusted documentation services.
- [PROMPT_INJECTION]: Presents an indirect prompt injection surface as it ingests and processes untrusted skill content provided by the user for auditing. The risk is managed through several layers of defense:
- Ingestion points: Reads external skill files (SKILL.md, .mdc, AGENTS.md) or pasted prompt text.
- Boundary markers: Audited content is enclosed within triple-dash (
---) delimiters in the subagent prompt template to prevent instruction confusion. - Capability inventory: The skill uses
nodefor local logic,Readfor snapshots,Writefor report generation, andAgentfor parallelized sub-tasks. - Sanitization: The subagent instructions explicitly command the agent to prioritize bundled local snapshots over any potentially malicious instructions found within the audited content.
Audit Metadata