skillkit

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes the vendor-provided @crafter/skillkit CLI tool using the bunx runner to perform system-level analytics and skill management.
  • [COMMAND_EXECUTION]: Provides functionality to delete files (skills) from the local filesystem through the prune command, intended for cleaning up unused resources.
  • [EXTERNAL_DOWNLOADS]: Fetches the @crafter/skillkit package from a remote registry to facilitate execution via bunx or global installation.
  • [REMOTE_CODE_EXECUTION]: The skill relies on running an external CLI package (@crafter/skillkit) which is downloaded and executed at runtime.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data in the form of session logs and traces from other agents, which could potentially contain malicious instructions.
    • Ingestion points: The skillkit scan command reads and indexes session data and JSONL/JSON traces from various local agent directories.
    • Boundary markers: None documented; the skill assumes the integrity of the parsed session logs.
    • Capability inventory: The skill possesses file deletion capabilities (skillkit prune) and filesystem read access across multiple agent environments.
    • Sanitization: The documentation does not specify sanitization procedures for the indexed session data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 10:09 PM