librarian
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill analyzes untrusted content from external repositories (READMEs, metadata, and source code) which could contain hidden instructions designed to manipulate the agent's behavior. Ingestion points: External source code and metadata files. Boundary markers: Absent; the skill does not instruct the agent to use specific delimiters or ignore embedded instructions within processed files. Capability inventory: The skill utilizes tools to fetch source code and read files. Sanitization: Absent; there is no mention of filtering or validating the content retrieved from external sources.
- [No Code] (SAFE): The skill consists solely of instructions and metadata (YAML/Markdown) and does not include any executable scripts or binary files, which minimizes the risk of direct command execution.
Audit Metadata