Skills
skills/allra-fintech/skills/allar-skills-update/Gen Agent Trust Hub

allar-skills-update

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface as part of its primary functionality.
  • Ingestion points: Processes natural language requests from users to create or modify SKILL.md files within the repository.
  • Boundary markers: Absent; the instructions do not specify the use of delimiters or clear separation between the agent's logic and the user-provided content.
  • Capability inventory: The agent has permissions to write to the file system, execute git commands, and utilize gh (GitHub CLI) for creating branches and submitting Pull Requests.
  • Sanitization: Absent; the skill does not include steps to validate or sanitize user-provided descriptions, examples, or rules before they are incorporated into the repository files.
  • [COMMAND_EXECUTION]: The skill provides instructions to execute several command-line tools for environment verification and repository management.
  • Tool usage: Utilizes git remote -v, git push, and multiple GitHub CLI (gh) commands, including gh auth status, gh repo fork, and gh pr create to automate the contribution lifecycle.
  • [EXTERNAL_DOWNLOADS]: The skill suggests the installation of external software to support its workflow.
  • Tool installation: Recommends the use of brew install gh (Homebrew) to install the GitHub CLI if it is not already present on the system, which is a standard procedure for macOS environments.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 06:52 AM