skill-share
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection.
  1. Ingestion points: User-provided 'name and description' fields during the initialization process.
  2. Boundary markers: Absent; the skill does not use delimiters or explicit instructions to the agent to ignore content within the name or description fields.
  3. Capability inventory: The skill has file system write access (creating SKILL.md), directory management, zip packaging, and external communication via Slack (Rube integration).
  4. Sanitization: Absent; user input is interpolated directly into generated instruction files and Slack blocks.
  This allows an attacker to inject instructions that will be executed by other agents using the generated skill, or to mislead team members through Slack notifications.
- COMMAND_EXECUTION (MEDIUM): The skill description specifies that it creates directories, writes files, and packages zip files, while also requiring 'creation scripts'. These file system operations and script executions provide a significant attack surface when driven by unvalidated external metadata.
Recommendations
- AI detected serious security threats
Audit Metadata