Skills
skills/f/prompts.chat/skill-lookup/Gen Agent Trust Hub

skill-lookup

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill is designed to download and install arbitrary files, including 'helper scripts (Python, shell, etc.)' and 'configuration files', from an external source to the local filesystem.
  • Evidence: The instructions explicitly direct the agent to 'Save each file to the appropriate location: ... Other files -> .claude/skills/{slug}/{filename}'.
  • Risk: This bypasses typical software supply chain security. If the external repository contains malicious code, the agent will install it into its own execution environment.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill connects to 'prompts.chat', which is not a verified or trusted source according to the security guidelines.
  • Evidence: Use of the prompts.chat MCP server and tools search_skills/get_skill to retrieve content.
  • PROMPT_INJECTION (LOW): The skill has a high surface area for Indirect Prompt Injection (Category 8).
  • Ingestion points: get_skill tool output from the prompts.chat API.
  • Boundary markers: None. The instructions do not define delimiters or instruct the agent to ignore instructions embedded in the downloaded files.
  • Capability inventory: File system write access, directory creation, and the ability to load future skills.
  • Sanitization: None. The skill blindly saves the content returned by the API.
  • Persistence Mechanisms (MEDIUM): By saving files to .claude/skills/, the skill enables downloaded code to persist across sessions and be automatically loaded by the AI agent in the future.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 18, 2026, 12:29 PM