skill-share

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | DATA_EXFILTRATION | COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill creates new SKILL.md files using user-provided names and descriptions. This creates a surface where an attacker can inject malicious instructions into a generated skill.
      • Ingestion points: User input for skill metadata (name, description).
      • Boundary markers: None specified in the documentation.
      • Capability inventory: File writing (directory/file creation), Slack messaging via Rube.
      • Sanitization: No mention of input validation or escaping for the generated Markdown/YAML content.
  • Data Exfiltration Surface (LOW): The skill utilizes the 'Rube' framework to send data to Slack. While intended for sharing skill metadata, this capability could be repurposed to exfiltrate sensitive information if the agent is compromised or tricked via prompt injection.
  • Dynamic Execution (LOW): The skill documentation mentions the use of Python 3.7+ for execution scripts and the generation of structured 'scripts/' directories. This indicates that the skill is designed to generate and potentially execute local code based on templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:37 PM