apex-skill-forge
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: Technical evaluation confirms that the skill is a legitimate engineering tool designed for local development automation. The codebase relies exclusively on Python's standard library modules and does not exhibit any patterns related to data exfiltration, unauthorized network communication, or sensitive file access.
- [COMMAND_EXECUTION]: The installer script
install_to_omnihub.pygenerates a local health check script and executes it usingsubprocess.runto verify installation integrity. This execution is confined to the local environment and the current user's execution context, representing a standard deployment validation pattern. - [PROMPT_INJECTION]: The skill ingests user-provided input, such as skill names and archetypes, to generate documentation and code structures. It mitigates indirect injection risks by enforcing a strict kebab-case regular expression for names and by populating files from static internal templates, which prevents untrusted strings from altering the logic of the generated executor scripts.
Audit Metadata