Skills
skills/haoxuanlithuai/awesome_cognitive_and_neuroscience_skills/Verify Skill/Gen Agent Trust Hub

Verify Skill

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the GitHub CLI (gh) and Git.
  • It runs gh auth status to check user authentication state.
  • It performs external write operations via gh api graphql to submit verification reports to GitHub Discussions.
  • It executes git commit to persist corrections made to the local repository.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8).
  • Ingestion points: It reads the full content of other SKILL.md files and ingests untrusted user input during 'Experience Collection' and 'Test Scenario Construction'.
  • Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands when processing the content of the target skill.
  • Capability inventory: The skill possesses file-write capabilities (modifying SKILL.md files), version control access (git commit), and network write access via the GitHub API.
  • Sanitization: No sanitization or validation is performed on the data ingested from the target skills or the user's test scenarios before it is processed or used to generate the final report.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 01:49 PM