skill-forge-review
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes several internal Python scripts (e.g., validate_skill.py, generate_eval_set.py, optimize_description.py) to perform automated validation and optimization tasks based on the provided skill path.
- [EXTERNAL_DOWNLOADS]: The audit process accepts GitHub repository URLs as input, fetching and reading markdown files, scripts, and assets for analysis.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from external sources that may contain instructions targeting the auditor.
  - Ingestion points: Audited skill files located in user-provided paths, ~/.claude/skills/, or remote GitHub repositories.
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' warnings when presenting the audited content to the agent.
  - Capability inventory: File system read access and command execution via Python scripts across multiple audit steps.
  - Sanitization: No evidence of sanitization or safety-filtering for the content of the audited files before they are processed by the agent.
Audit Metadata