manage-tools
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Performs a network request to
raw.githubusercontent.com/dev-goraebap/agent-collabo/main/manifest.jsonto check for skill updates. This is a standard version-checking mechanism targeting the author's own repository. - [COMMAND_EXECUTION]: Scans local project configuration files (such as
package.json,.mcp.json,Brewfile, andmise.toml) and the user's agent directory (~/.claude/agents/) to identify potential tools to register. - [PROMPT_INJECTION]: The skill processes data from external configuration files to update the
AGENTS.mdfile, which influences agent behavior. It mitigates indirect prompt injection risks by requiring the user to manually select items from a checklist and provide custom descriptions for each tool added. - Ingestion points:
package.json,.mcp.json,Brewfile,mise.toml,.tool-versions,~/.claude/agents/. - Boundary markers: Uses fixed markdown headers (
### Agent Skills, etc.). - Capability inventory: File system reads (configs), File system write (
AGENTS.md). - Sanitization: Human-in-the-loop validation via interactive checklist and manual description entry.
Audit Metadata