skill-add
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the `repomix` command to summarize GitHub repositories. It also specifies writing files to the `.claude/skills/$1` directory based on user-provided arguments.
- [EXTERNAL_DOWNLOADS]: The skill provides an external link to `repomix.com` and instructs the agent to install the tool if it is not already present on the system.
- [PROMPT_INJECTION]: The skill uses strong instructional markers such as `[IMPORTANT]`, `MUST FOLLOW`, and `Your mission` to control agent behavior. While these are common in skill definitions, they are noted as behavioral overrides.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The skill ingests untrusted data from a user-provided prompt (`$2`), external web URLs, and content from GitHub repositories.
  - Boundary markers: The skill uses XML-like tags (`<reference-or-script-prompt>`) to wrap the secondary argument, providing some structural separation.
  - Capability inventory: The skill has the capability to write files to the local file system (`.claude/skills/`), execute shell commands (`repomix`), and spawn subagents to explore external content.
  - Sanitization: No explicit sanitization, validation, or escaping of the ingested external content is mentioned before it is processed or used to generate new files.
Audit Metadata