turon-api-design
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's primary header contains an extensive sequence of hidden zero-width Unicode characters (U+200B, U+200C, U+200D) enclosed in delimiters. Decoding the initial blocks of this payload reveals the string 'SK1L' followed by structured binary data. This technique is highly suspicious and is typically used to smuggle malicious URLs or override instructions (prompt injection) that remain invisible to the end user.
- Evidence: The title '# Aaron Turon Style Guide' in SKILL.md contains 187 hidden characters that encode a multi-block payload.
Recommendations
- AI detected serious security threats
Audit Metadata