skill-seeker
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `uv run` to execute internal Python scripts (`create.py`, `review.py`, `install.py`) that perform subprocess management and file system tasks.
- [EXTERNAL_DOWNLOADS]: Fetches the `skill-seekers` and `pyyaml` packages from PyPI. `skill-seekers` is a tool provided by the author to facilitate documentation scraping.
- [PROMPT_INJECTION]: The skill has a significant surface for indirect prompt injection through its ingestion of untrusted data.
  1. Ingestion points: Content is scraped from user-specified URLs, GitHub repositories, and local files in `scripts/create.py`.
  2. Boundary markers: The process lacks explicit delimiters or warnings to ignore instructions within the scraped content during the refinement phase in `SKILL.md`.
  3. Capability inventory: The skill can write files and install persistent configurations via `scripts/install.py`.
  4. Sanitization: No filtering is applied to the scraped content before it is processed by the agent.
- [COMMAND_EXECUTION]: The `install.py` script manages the persistent installation of generated skills into `~/.claude/skills/` and performs directory management (`shutil.rmtree`). This mechanism allows code derived from external sources to persist across agent sessions.
Audit Metadata