list-skills
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes a local Python script (
00-system/core/nexus-loader.py) with the--list-skillsflag. This is a standard system operation for listing internal components and does not involve untrusted input or risky execution patterns. - [DATA_EXPOSURE] (SAFE): The skill accesses local directory structures (such as
00-system/skills/and03-skills/) to retrieve metadata about other skills. It does not access sensitive user files, credentials, or private configuration data. - [REMOTE_CODE_EXECUTION] (SAFE): No external network requests, remote script downloads, or piping of web content to shells were found.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill processes metadata from other skills (names and descriptions), it does so for display purposes and does not incorporate this data into high-privilege execution sinks or bypass safety constraints.
Audit Metadata