skill-share
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- Dynamic Execution (MEDIUM): The skill documentation describes generating directory structures and Python scripts (scripts/ directory) dynamically. The 'automated validation' and 'packaging' steps imply that these generated scripts may be processed or executed by the agent, creating a risk of code execution if the generation logic is influenced by malicious input.
- Indirect Prompt Injection (LOW): The skill creates content based on user-provided metadata such as name and description.
  - Ingestion points: User input for the skill name and description fields, used in SKILL.md and potentially in script templates.
  - Boundary markers: None mentioned in the documentation to delimit user content from generated logic.
  - Capability inventory: File system write access, directory creation, ZIP packaging, and Slack API access (via Rube).
  - Sanitization: No sanitization or validation of the content of user-provided strings is documented, which could allow malicious instructions to be injected into the generated files.
- Data Exfiltration (LOW): The skill uses Slack integrations (SLACK_SEND_MESSAGE, SLACK_POST_MESSAGE_WITH_BLOCKS) to share skill metadata and packaged files. This creates a data exfiltration surface: sensitive files could be moved from the local environment to an external Slack workspace if the packaging logic is manipulated.
Audit Metadata