agent-skills-spec
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and audit other agent skills which may contain malicious instructions.
  - Ingestion points: Analyzes SKILL.md, scripts, and reference files during the audit and fix workflows.
  - Boundary markers: No boundary markers or instructions to ignore embedded directives are defined for the audited content.
  - Capability inventory: Performs file reads, directory renames (mv), and file deletions (rm).
  - Sanitization: No input sanitization or validation of the text within the processed skills is provided.
- [EXTERNAL_DOWNLOADS]: Recommends installing the 'skills-ref' CLI tool from public package registries using pip or uv.
- [COMMAND_EXECUTION]: The skill instructs the agent to perform file system operations, including moving files to restructure directories and deleting metadata files like README.md and LICENSE.
Audit Metadata