skill-coach
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill requests Bash(python:*) permissions to execute its included Python scripts for skill validation and activation testing. These scripts (validate_skill.py, check_self_contained.py, test_activation.py) perform structural and keyword-based static analysis and do not execute the content of the files they analyze.
- [PROMPT_INJECTION]: As a meta-tool designed to audit other skills, it reads and processes external files. This creates an indirect prompt injection surface where malicious instructions within a file being audited could potentially be surfaced to the agent. However, the risk is mitigated by the use of safe parsing methods and the specific nature of the audit tasks (regex and YAML key validation).
- [EXTERNAL_DOWNLOADS]: The skill's documentation and example files (e.g., clip-aware-embeddings) describe the installation of legitimate machine learning and development libraries such as transformers, torch, and @modelcontextprotocol/sdk. These are standard tools for the described domain and are referenced from well-known repositories.
Audit Metadata