agent-platforms
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill directs the agent to retrieve external content via WebFetch from a repository not on the trusted list (gmh5225/awesome-skills). This creates a risk where instructions in the fetched README.md could influence the agent's behavior. Evidence: 1. Ingestion points: 'Full Resource List' section in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: The skill assumes access to fetching tools like WebFetch. 4. Sanitization: No validation or escaping of the remote content is specified.
- External Downloads (LOW): The skill provides a direct URL to a remote README.md file and example commands to clone external repositories from untrusted GitHub users.
Audit Metadata