awesome-skills-overview
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill directs the agent to fetch and process data from an external, untrusted source (github.com/gmh5225/awesome-skills). This creates an attack surface where instructions embedded in the remote README.md could attempt to influence the agent's behavior.
- Ingestion points: The 'Full Resource List' section suggests using WebFetch on
https://raw.githubusercontent.com/gmh5225/awesome-skills/refs/heads/main/README.md. - Boundary markers: None specified; the agent is expected to process the raw markdown content.
- Capability inventory: The skill description implies the agent will be 'organizing categories' and 'maintaining README.md consistency', which involves file system write operations.
- Sanitization: No sanitization or validation of the external content is defined.
- [External Downloads] (LOW): The skill references an external URL for a README file. While it is a non-executable documentation file, the source repository is not part of the trusted organizations list.
Audit Metadata