heal-skill
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts (
heal.sh,validate.sh) to perform maintenance tasks. These scripts use standard Unix utilities like grep, sed, awk, and find to inspect and modify files within the repository's skills directory. - [COMMAND_EXECUTION]: The script performs CLI validation by executing the
ao helpcommand to verify subcommand validity, provided theaobinary is available in the environment or the repository's binary directory. - [DATA_EXPOSURE]: The utility reads the structure and frontmatter of other skills in the repository to identify missing fields or broken references. This data access is confined to the local filesystem and is necessary for the skill's stated purpose of auditing repository health.
- [PROMPT_INJECTION]: The 'skill-stocktake' reference describes an AI-powered evaluation pass where an agent judges the quality of other skills. This represents an indirect prompt injection surface where untrusted data (ingestion point: SKILL.md from other skills) enters the agent's context. While the skill has the capability to modify files and execute local scripts, the current implementation is focused on structural integrity and lacks evidence of malicious intent or lack of control markers.
Audit Metadata