add-skill
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): Shell command injection vulnerability. The skill provides instructions to execute git commands (e.g., git push -u origin feat/add-skill-) using a name provided by the user in Step 1. If the user provides a skill name containing shell metacharacters such as semicolons or ampersands, it could lead to the execution of arbitrary commands.
- [DATA_EXFILTRATION] (LOW): Exfiltration of potentially sensitive information. The skill extracts segments from the current conversation and pushes them to a repository (diegocanepa/agent-skills) that is not on the list of trusted sources. This workflow may inadvertently leak sensitive user data or system configurations present in the chat context to a public forum.
- [PROMPT_INJECTION] (LOW): Surface for indirect prompt injection.
  1. Ingestion points: Conversation history processed in Step 2.
  2. Boundary markers: Absent. The skill lacks explicit delimiters or safety instructions to prevent the agent from following malicious instructions embedded within the conversation content it extracts.
  3. Capability inventory: File modification (via skill-creator), Git command execution, and Pull Request submission via the vcs-change-request MCP.
  4. Sanitization: None. The distilled content is used directly to scaffold new skill files.
Audit Metadata