review-skills
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs the agent to run 'python scripts/download_anthropics_skills.py' to download reference materials. The script is missing from the package, so its behavior is unverified and potentially dangerous despite targeting a trusted source.
- [COMMAND_EXECUTION] (HIGH): The skill explicitly directs the agent to execute shell commands for cache management and skill validation, providing a direct mechanism for arbitrary code execution if compromised.
- [REMOTE_CODE_EXECUTION] (HIGH): The pattern of executing a script that fetches and executes data from a remote repository constitutes an RCE vector.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its core function of reviewing untrusted external skills.
  - Ingestion points: Step 3 (Read the complete skill structure) reads user-specified directories and files.
  - Boundary markers: Absent; there are no instructions to delimit or ignore instructions within the processed files.
  - Capability inventory: The agent possesses command execution and file read/write capabilities.
  - Sanitization: Absent; there is no validation or escaping of the content being analyzed.
Recommendations
- AI detected serious security threats
Audit Metadata