skill-vetter

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • External Downloads (LOW): The skill includes instructions to use curl to fetch repository metadata and file content from GitHub.
      • Evidence: Commands in SKILL.md target api.github.com and raw.githubusercontent.com.
      • Severity: Downgraded to LOW per [TRUST-SCOPE-RULE] as GitHub is a trusted source and the fetched data is intended for human/agent inspection.
  • Command Execution (LOW): The skill provides bash command templates (curl, jq) intended for the agent to execute as part of its auditing process.
      • Evidence: Quick Vet Commands section in SKILL.md contains executable shell command examples.
  • Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted data (the code and metadata of other skills). This creates an attack surface where a malicious skill being audited could attempt to influence the agent's report.
      • Ingestion points: External files fetched via curl instructions in SKILL.md.
      • Boundary markers: Absent; the agent is instructed to "Read ALL files".
      • Capability inventory: curl and jq for data retrieval; the primary capability is the agent's internal reasoning and reporting.
      • Sanitization: Absent; the skill relies on the agent's ability to identify red flags as defined in the protocol.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 08:59 AM