skill-vetting
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary purpose is defensive. It provides a
vet.shscript that uses standard grep patterns to identify common indicators of compromise in other software (e.g., searching for 'curl', 'sudo', 'base64', or 'API_KEY'). - [COMMAND_EXECUTION]: The
vet.shscript executes shell commands to perform its auditing task. These commands (grep, basename, etc.) are used as intended for a security scanner and do not pose an inherent risk to the host environment outside of the auditing context. - [PROMPT_INJECTION]: The
SKILL.mdfile contains instructions for the agent to follow a specific vetting process. These instructions are standard operational guidelines and do not attempt to bypass agent safety filters or override core system behavior. - [DATA_EXPOSURE]: While the script searches for patterns related to credentials (e.g., 'API_KEY', 'SECRET'), it does so to flag them in other skills during an audit, rather than exposing the current user's secrets.
Audit Metadata