AGENT LAB: SKILLS

skill-reviewer

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill directs the agent to add a third-party marketplace and install the 'skill-creator' plugin from 'https://github.com/daymade/claude-code-skills', which is not a trusted source.
  • REMOTE_CODE_EXECUTION (HIGH): Following installation of the unverified plugin, the skill provides shell commands to execute Python scripts ('quick_validate.py', 'security_scan.py') located within the plugin's cache directory.
  • COMMAND_EXECUTION (MEDIUM): The skill uses bash commands to dynamically locate and run executable files within the user's plugin directory based on output from 'find' and 'head' commands.
  • PROMPT_INJECTION (LOW): Surface for indirect prompt injection when reviewing external repositories.
    1. Ingestion points: 'SKILL.md' (External Review and Auto-PR workflows clone and read entire external repositories).
    2. Boundary markers: Absent; instructions explicitly state to 'Read ALL documentation'.
    3. Capability inventory: 'gh repo fork', 'git clone', 'python3' execution, and file system write operations.
    4. Sanitization: Absent; no validation or escaping of external content is performed before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 05:08 PM