sync-sdk-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Data Exposure (LOW): The skill requires access to a local filesystem path provided by the user (Step 1). It reads files like `package.json` and source code files within that path. While intended for SDK synchronization, this capability allows the agent to read arbitrary local files if a user provides a sensitive path.
- External Downloads (LOW): Step 6 allows the skill to fetch documentation from an external URL. This involves network operations to non-whitelisted domains, which could be used for basic SSRF or tracking if a malicious URL is provided.
- Indirect Prompt Injection (LOW): This skill exhibits a high surface area for indirect injection because it incorporates untrusted external data into instruction files (`SKILL.md` and `references/*.md`).
  - Ingestion points: Local SDK source code files (Steps 2 & 3) and external Documentation URLs (Step 6).
  - Boundary markers: Absent. The skill does not define delimiters or warnings to prevent the agent from obeying instructions embedded within the source code or fetched documentation.
  - Capability inventory: File system read (Step 3), Network fetch (Step 6), and File system write (Step 7 - updating `SKILL.md` and `references/`).
  - Sanitization: Absent. The instructions do not mention escaping or validating the content extracted from the SDK or the web before writing it into the skill files.
Audit Metadata