skill-manager
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to automatically run
npm run buildto synchronize project assets after modifying the registration JSON file. This is a standard operational procedure for maintaining the project's build state and documentation. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes metadata from external repositories and local files. • Ingestion points: Data is retrieved from local
SKILL.mdfiles and external GitHub repositories provided by the user. • Boundary markers: No specific delimiters or instructions are implemented to prevent the agent from processing instructions that might be embedded in the ingested metadata. • Capability inventory: The skill performs file system modifications tosrc/data/skills.jsonand executes thenpm run buildcommand. • Sanitization: Ingested metadata is appended to the project's registry without explicit sanitization or validation of its content.
Audit Metadata