skill-review

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions and documentation reference the execution of several local shell scripts, including ./scripts/review-skill.sh, ./scripts/check-versions.sh, and ./scripts/install-skill.sh. These scripts are used for automated validation and installation tasks.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it is designed to process untrusted data from the web (via WebFetch and WebSearch) and other local skill files.
    1. Ingestion points: External documentation sites and third-party repository files accessed via WebFetch and Read tools.
    2. Boundary markers: The provided instructions lack explicit delimiters or instructions to ignore embedded commands within the fetched data.
    3. Capability inventory: The skill has access to powerful tools including Bash, Write, and Edit, which could be targeted by instructions hidden in audited content.
    4. Sanitization: No evidence of sanitization or safety-filtering for the data retrieved from external sources before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:50 AM