Skills
skills/aivokone/ak-skills-core/local-ref/Gen Agent Trust Hub

local-ref

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill performs network requests to non-whitelisted domains, including context7.com and arbitrary URLs via the WebFetch source.
  • COMMAND_EXECUTION (LOW): The skill instructs the agent to use shell commands such as curl and jq to interact with APIs and process external data.
  • PROMPT_INJECTION (LOW): The skill creates a surface for Indirect Prompt Injection (Category 8) by caching untrusted content locally and modifying AGENTS.md to prioritize these files in future sessions. 1. Ingestion points: Context7 API and WebFetch URLs. 2. Boundary markers: Absent; the skill saves raw-ish documentation content to markdown files without explicit delimiters. 3. Capability inventory: curl (network), file-write, and AGENTS.md modification. 4. Sanitization: Absent; no content validation or sanitization of fetched data is performed before saving.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 04:14 PM