skill-quality-validator
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, NO_CODE, PROMPT_INJECTION
Full Analysis
- [No Code] (LOW): The core validation logic is described as residing in scripts/check_skill.py, but this file is missing from the provided skill package.
- [Command Execution] (LOW): Documentation instructs users to execute shell commands (e.g., chmod, unzip, python -m py_compile) and custom Python scripts to perform validation tasks.
- [External Downloads] (LOW): The quick_fixes.md file recommends installing the pylint package via pip to facilitate deep code analysis.
- [Indirect Prompt Injection] (LOW): The tool is designed to ingest and analyze untrusted external skill files, creating an injection surface.
  1. Ingestion points: Skill directory paths and file contents provided by the user for validation.
  2. Boundary markers: Absent; documentation does not specify the use of delimiters or 'ignore' instructions for the analyzed content.
  3. Capability inventory: The tool facilitates script execution and installation of external packages.
  4. Sanitization: No sanitization or escaping of the ingested file content is documented.
Audit Metadata