Skills
skills/gmh5225/awesome-skills/security-skills-guide/Gen Agent Trust Hub

security-skills-guide

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill provides a specific URL (https://raw.githubusercontent.com/gmh5225/awesome-skills/refs/heads/main/README.md) and instructs the agent to fetch it using WebFetch. This is an unverifiable external resource from a non-trusted author.
  • [PROMPT_INJECTION] (LOW): The skill creates an Indirect Prompt Injection surface (Category 8c) by instructing the agent to ingest content from an attacker-controllable external source.
  • Ingestion points: The skill explicitly directs the agent to fetch and read the contents of an external README.md file.
  • Boundary markers: Absent. There are no instructions to the agent to ignore or delimit instructions found within the fetched content.
  • Capability inventory: The skill allows for general resource discovery and potentially influences which other tools or skills the agent might use based on the fetched data.
  • Sanitization: Absent. The skill provides no mechanism to sanitize or validate the content of the remote file before it is processed by the agent's LLM.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 10:10 AM