Agent Discovery
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [No Code] (SAFE): The skill file consists solely of YAML metadata, descriptive markdown, and interface definitions. It does not contain any executable logic, scripts, or binaries.
- [Indirect Prompt Injection] (SAFE): Although the skill is designed to ingest data from untrusted external sources (GitHub, HuggingFace, etc.), it lacks the capabilities (such as command execution or file system access) that would be necessary for an indirect injection attack to pose a threat.
- [Data Exposure] (SAFE): The skill uses a userId for billing and auditing purposes, which is a standard operational practice and does not involve the handling of sensitive credentials or private keys.
Audit Metadata