guardskills
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
guardskillspackage from the npm registry, which is a well-known service. - [REMOTE_CODE_EXECUTION]: It uses
npxto download and run theguardskillsscanner, which is a documented and intended behavior for this utility. - [COMMAND_EXECUTION]: The skill executes shell commands to interface with external skill installers like
skills.sh,playbooks, andskillkitafter completing its security scan. - [PROMPT_INJECTION]: As a security scanner, the tool processes untrusted data from external repositories. While this creates a surface for indirect prompt injection, the skill includes a specific rule matrix to detect and block such patterns.
Audit Metadata