Skills
skills/htlin222/dotfiles/add-skill/Gen Agent Trust Hub

add-skill

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches configuration and documentation from official Claude and Anthropic resources (code.claude.com and github.com/anthropics/skills).
  • [COMMAND_EXECUTION]: Generates shell commands to create directory structures for new skills. It includes specific validation rules (lowercase letters, numbers, and hyphens) for user-provided names to prevent command injection.
  • [PROMPT_INJECTION]: The skill processes external documentation from the web to guide file generation, creating a surface for indirect prompt injection. This is mitigated by targeting trusted official domains and providing clear templates for the generated content.
  • Ingestion points: SKILL.md (via WebFetch and WebSearch tool calls)
  • Boundary markers: Absent
  • Capability inventory: mkdir, Write tool, bash execution
  • Sanitization: Absent for web content; strict allow-list validation for user-provided names.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 03:31 PM