skill-lookup
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill initiates downloads from the prompts.chat service, which is not included in the list of trusted external sources. It fetches content that includes markdown, documentation, and scripts.
- REMOTE_CODE_EXECUTION (MEDIUM): By instructing the agent to 'Save each file to the appropriate location' including 'Helper scripts (Python, shell, etc.)', the skill enables the introduction of unverified code onto the local system. This creates a potential for remote code execution if those scripts are subsequently triggered.
- INDIRECT_PROMPT_INJECTION (LOW): The skill is vulnerable to indirect injection via data ingested from the prompts.chat marketplace. * Ingestion points: Data retrieved via the search_skills and get_skill tools. * Boundary markers: Absent; the prompt does not provide delimiters or instructions to ignore embedded commands in fetched files. * Capability inventory: File system write access to the .claude/skills/ directory and persistence of third-party scripts. * Sanitization: Absent; file content is saved directly to the disk without validation or escaping.
Audit Metadata