skillkit
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing or running the @crafter/skillkit Node.js package. This package is a vendor-owned resource associated with the author 'crafter-station'.
- [COMMAND_EXECUTION]: The skill functions by executing shell commands (npx or npm) to run the SkillKit CLI for analytics and management tasks.
- [DATA_EXFILTRATION]: The tool scans numerous local AI agent directories (e.g., ~/.claude/skills/, Cursor, Windsurf) and parses session logs to extract usage statistics and costs. While this involves accessing configuration and log files, the documentation states all data is stored locally in ~/.skillkit/analytics.db.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and indexing session data.
- Ingestion points: Processes JSONL session logs and local skill metadata from multiple agent environments.
- Boundary markers: No specific delimiters or safety instructions are mentioned for parsing tool_use blocks in logs.
- Capability inventory: Possesses file system read access, the ability to record execution traces, and file deletion capabilities (skillkit prune).
- Sanitization: No sanitization or validation of the processed data is described in the skill instructions.
Audit Metadata