skill-updater
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns or security vulnerabilities were detected. The skill follows best practices for development, such as recommending backups before making changes.
- [COMMAND_EXECUTION] (LOW): The skill includes bash snippets for backing up files (
cp) and committing changes (git). These are standard operations for its intended purpose and do not represent a privilege escalation risk. - [INDIRECT_PROMPT_INJECTION] (LOW):
- Ingestion points: The skill is designed to read and modify other skill files located in the
.claude/skills/directory. - Boundary markers: No specific delimiters are used to wrap the content of the skills being updated.
- Capability inventory: The skill uses
Read,Write,Edit, andBashtools to manipulate local files. - Sanitization: The workflow relies on a 'Validate Changes' step (using an external
skill-validator) to ensure integrity rather than input sanitization.
Audit Metadata