skill-scanner
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains reference files and regex patterns in references/prompt-injection-patterns.md and scripts/scan_skill.py that describe various injection techniques. These are documented for the purpose of identification and security auditing and do not represent instructions to the agent itself.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run its bundled static analysis script (scan_skill.py). This is a justified use of the tool for its core functionality.
- [EXTERNAL_DOWNLOADS]: The skill's bundled script requires the pyyaml package, which is a standard and well-known utility for processing YAML data.
- [DATA_EXFILTRATION]: The workflow involves reading files from the local filesystem for analysis. No network exfiltration or unauthorized data access was detected.
Audit Metadata