manage-skills
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill invokes local Python scripts (
audit_skills.pyandcheck_compliance.py) to perform its core auditing functions. These scripts are part of the skill's own package and are used for local file system operations. - Indirect Prompt Injection (LOW): The skill monitors a directory for third-party skill files, creating an ingestion surface. Evidence: 1. Ingestion point: Files within the
.claude/skills/directory. 2. Boundary markers: No explicit delimiters or ignore-instructions mentioned in the markdown. 3. Capability: Executes local Python scripts via shell commands. 4. Sanitization: Verification of script safety cannot be determined from the markdown alone, but the primary task is structural validation rather than text-based instruction processing.
Audit Metadata