openskills-bindings-maintainer
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses `npm install` to download project dependencies. This is an expected operation for repository maintenance that retrieves code from the well-known npm registry.
- [COMMAND_EXECUTION]: Executes build and installation commands such as `npm run build`. This allows the agent to run scripts defined in the project's local configuration.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
  - Ingestion points: Reads and analyzes code and API changes within the `bindings/` directory.
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the analyzed files.
  - Capability inventory: The skill can execute shell commands and build processes.
  - Sanitization: No sanitization or content validation is performed on the files being processed.
Audit Metadata