Skills
skills/glitternetwork/pinme/pinme-share/Gen Agent Trust Hub

pinme-share

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the pinme CLI tool for several operations: checking the version with pinme --version, authenticating with pinme login or pinme set-appkey, and uploading content via pinme upload.
  • [DATA_EXFILTRATION]: The core functionality involves uploading local workspace content to an external service. The skill provides explicit safety guidelines to prevent the leak of sensitive data, such as .env, .git, and private credentials.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data to generate HTML content.
  • Ingestion points: Project details, conversation logs, and user-provided files are used as input (SKILL.md).
  • Boundary markers: No specific boundary markers are defined for prompt interpolation, although HTML escaping is required for the output.
  • Capability inventory: The skill can execute shell commands (pinme upload) which involves network transmission of the processed data (SKILL.md).
  • Sanitization: The instructions explicitly call for the removal of secrets and escaping of user-provided text before insertion into HTML.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 01:39 PM