skill-distiller
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes several local Python scripts (search, fetch, validate, etc.) located in the distillery/scripts/ directory to perform skill management tasks.
- [COMMAND_EXECUTION]: Uses npx skills add to stage external skills, which involves executing a Node.js package command.
- [EXTERNAL_DOWNLOADS]: Retrieves skill source files and metadata from the external repository at skills.sh.
- [DATA_EXFILTRATION]: Transmits prompts and synthesized skill content to the OpenRouter API for A/B testing and quality evaluation, which requires an external API key.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and analyzes third-party SKILL.md files. These external files could contain instructions intended to influence the synthesis output or the behavior of the resulting skill. The analysis phase extracts techniques but does not implement explicit sanitization or strict isolation for the processed external content.
Audit Metadata