skill-curator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing untrusted data from external repositories.
- Ingestion points: The skill instructions (SKILL.md) direct the agent to read and extract metadata from SKILL.md files found in external GitHub repositories or URLs.
- Boundary markers: There are no specified boundary markers or delimiters to separate the extracted external content from the agent's internal logic or output formatting.
- Capability inventory: The skill utilizes file-reading capabilities (via GitHub MCP or Repo Explorer) and file-writing capabilities to update the local README.md catalog.
- Sanitization: The skill does not include instructions to sanitize, validate, or escape the extracted 'Name' or 'Description' fields before writing them to the local workspace documentation.
Audit Metadata