tools-skill-lookup

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill connects to and downloads content from prompts.chat, which is not an authorized or trusted source according to security guidelines. This introduces a supply chain risk.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill's primary function is to download and save "Helper scripts (Python, shell, etc.)" into the .claude/skills/ directory. This pattern effectively allows an external source to inject executable code into the agent's environment.
  • [COMMAND_EXECUTION] (MEDIUM): Although the skill does not invoke commands directly, it facilitates the persistent storage of scripts that are intended for execution by the agent, creating a persistent attack surface.
  • [INDIRECT PROMPT INJECTION] (LOW): The skill is a major surface for indirect injection.
      • Ingestion points: The get_skill tool retrieves SKILL.md and other documentation from an external API.
      • Boundary markers: Absent. The skill instructions do not specify any delimiters or warnings to ignore instructions within the downloaded content.
      • Capability inventory: File-write operations to the user's home directory (.claude/skills/).
      • Sanitization: Absent. The instructions mandate saving all files exactly as retrieved.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:45 PM