skill-share
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- Dynamic Execution (MEDIUM): The skill generates 'standardized scripts' and 'scripts/' directories based on user-provided parameters. Generating executable content at runtime presents a risk of arbitrary command execution if the generation logic does not correctly sanitize user input or if generated scripts are executed during validation.
- Indirect Prompt Injection (LOW): The skill processes untrusted user input to define skill metadata and content.
  - Ingestion points: User-supplied skill name and description.
  - Boundary markers: None identified in the skill definition.
  - Capability inventory: Filesystem write (directory and file creation), ZIP archiving, and Slack messaging via Rube.
  - Sanitization: No sanitization or escaping of input is mentioned before it is written to files or sent to Slack.
- Data Exposure & Exfiltration (LOW): The combination of ZIP packaging and Slack integration provides a mechanism that could be abused to exfiltrate sensitive files. A malicious prompt could trick the agent into zipping non-skill directories and sharing the result via Slack channels.
Audit Metadata