Skills
skills/curiositech/some_claude_skills/vr-avatar-engineer/Gen Agent Trust Hub

vr-avatar-engineer

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from external websites via WebFetch and mcp__firecrawl__firecrawl_search, which creates a surface for indirect prompt injection. This risk is inherent to tools that ingest web content.
  • Ingestion points: WebFetch and mcp__firecrawl__firecrawl_search used to research SDKs and documentation.
  • Boundary markers: Not explicitly defined in the skill instructions.
  • Capability inventory: Access to Bash, Write, Edit, and Read tools.
  • Sanitization: No specific sanitization or filtering logic is provided within the skill description.
  • [COMMAND_EXECUTION]: The skill is granted access to the Bash tool to support development tasks. No malicious command strings or suspicious shell operations were identified in the skill's instructions or code examples.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 12:53 PM