skill-quality-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious code, obfuscation, or data exfiltration attempts were detected. All behaviors align with the skill's documented auditing purpose.
- [COMMAND_EXECUTION]: The skill performs local directory listings and executes its own utility scripts.
- Evidence: Uses 'ls -la' to check for skill file existence.
- Evidence: Invokes 'scripts/extract-yaml.sh' and 'scripts/skill-audit.py' for data extraction and analysis.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection through the files it evaluates.
- Ingestion points: Content of external 'SKILL.md' files.
- Boundary markers: No specific delimiters or safety instructions found in script logic.
- Capability inventory: Directory listing, shell/python script execution, and writing report files to disk.
- Sanitization: Uses standard regular expressions for parsing specific fields.
Audit Metadata