distill-to-skill

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to process untrusted data from external sources such as blog posts, articles, and GitHub repositories, which introduces a vulnerability to indirect prompt injection.
  • Ingestion points: In SKILL.md under Step 1: Absorb the Source, the agent is instructed to "Fetch the URL and read the full content" and "Explore directory structure, entry points, key modules" for repositories.
  • Boundary markers: The skill does not provide instructions to use delimiters or warnings to ignore embedded commands within the processed data.
  • Capability inventory: The skill is part of a workflow that includes the skill-creator skill, which handles file system operations and script execution, so instructions injected through fetched content could reach file writes and script runs rather than staying confined to text generation.
  • Sanitization: No sanitization or validation steps are defined for the content retrieved from external sources.
  • [EXTERNAL_DOWNLOADS]: The distillation workflow requires the agent to interact with external network resources to gather information.
  • Evidence: SKILL.md directs the agent to "Fetch the URL" and "explore... repos", which involves network requests to potentially untrusted third-party domains.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 09:33 PM