skills-management
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill provides an extensive framework for managing agent skills with a strong emphasis on security and best practices.
- [EXTERNAL_DOWNLOADS] (LOW): The skill documentation describes workflows for installing external code using
npx skills addandskill-manager install. - Evidence: Found in
references/finding-skills.mdandreferences/skill-manager-usage.md. - Mitigation: The skill includes a 'Security Audit' checklist (Category 2, 4, and 8 mitigation) in
references/finding-skills.mdthat explicitly instructs the agent/user to scan for prompt injection, data exfiltration, and supply chain risks before installation. - [COMMAND_EXECUTION] (LOW): The skill references a
skill-managerscript that performs file system operations (create, remove, symlink) to manage the skill lifecycle. - Evidence: Found in
references/skill-manager-usage.md. The operations are restricted to the local user's skill directories (e.g.,~/.claude/skills/). - [PROMPT_INJECTION] (SAFE): The skill contains defensive instructions to prevent the agent from being 'persuaded' to skip steps or ignore rules (specifically for TDD).
- Evidence:
references/testing-methodology.mduses psychological principles (Cialdini) to ensure agent adherence to safety and quality protocols, acting as a counter-injection measure.
Audit Metadata