skill-manager
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill's primary functions—gap analysis, template-based generation, and health checks—are performed using local project metadata and predefined templates.
- [DATA_EXPOSURE]: The skill scans the project structure (e.g.,
.github/workflows/,docker-compose.yml) to build a context inventory for gap analysis. This behavior is limited to identifying project technologies and does not involve accessing sensitive user credentials or exfiltrating data. - [DYNAMIC_EXECUTION]: The skill generates new
SKILL.mdfiles based on user descriptions or catalogue templates. It writes these files to the local file system but does not attempt to execute them or any other code at runtime. - [INDIRECT_PROMPT_INJECTION]: The skill processes content from existing project skill files. While this is a data ingestion point, the skill only performs analysis and generation tasks without exploitable capabilities like network access or code execution, mitigating the risk of indirect injection.
Audit Metadata