Skills
skills/bogdanovycha/skills/5-5-3-2/Gen Agent Trust Hub

5-5-3-2

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The file 'scripts/check_update.py' performs network requests to 'raw.githubusercontent.com' to fetch version information from the developer's official repository (BogdanovychA/skills).
  • [COMMAND_EXECUTION]: The skill instructions mandate the execution of a local Python script for update verification and potentially an 'npx' shell command to install newer versions of the skill from the author's repository.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to processing untrusted user dietary data. Evidence: (1) Ingestion point: User-supplied meal descriptions in SKILL.md. (2) Boundary markers: Absent. (3) Capability inventory: Execution of local scripts and shell-based update commands. (4) Sanitization: Absent. The risk is minimized as capabilities are scoped to maintenance tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 24, 2026, 12:30 PM