accelint-skill-manager
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The README and templates recommend installing the skill via `npx skills add` using a GitHub repository (gohypergiant/agent-skills) that is not on the trusted list. This instructs the user or agent to execute code from an unverified third-party source. Additionally, the use of the generic package name `skills` with `npx` presents a significant risk of executing malicious code if that package name is held by an unrelated third party on the public registry.
- COMMAND_EXECUTION (LOW): The `SKILL.md` workflow contains a shell block that instructs the agent to run `ls -la` to find existing skills in project and global directories. While limited in scope, this is a direct execution of shell commands based on skill instructions.
- DATA_EXFILTRATION (LOW): The skill directs the agent to access the user's home directory (`~/.claude/skills`) to inventory installed skills. This exposes the directory structure and installed software to the agent context, though no remote transmission of this data is specified.
- PROMPT_INJECTION (LOW): The skill is designed to ingest and audit other skills, creating an attack surface for indirect prompt injection. A malicious skill being audited could contain instructions to subvert the agent's behavior.
  - Ingestion points: Auditing or refactoring existing skill files in `.claude/skills` or `~/.claude/skills`.
  - Boundary markers: The skill encourages structured ❌/✅ examples but does not mandate delimiters or explicit instructions to ignore instructions found within processed skill data.
  - Capability inventory: Includes listing files, reading file contents, and creating new files and directories.
  - Sanitization: No explicit sanitization or validation of the content of audited skills is performed before the agent processes it.
Audit Metadata