skill-distiller
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates its logic by executing a local Python script (distiller.py) and the npx tool. These commands are used to search, fetch, validate, and perform A/B evaluations of skill content.
- [EXTERNAL_DOWNLOADS]: The skill fetches external data from skills.sh and uses npx, which typically downloads and executes packages from the npm registry, introducing a dependency on remote code.
- [PROMPT_INJECTION]: As a tool that processes untrusted markdown from external sources to generate new agent instructions, it is susceptible to indirect prompt injection: a malicious skill in the registry could attempt to subvert the synthesis process to inject unauthorized behaviors or bypass safety guidelines. The skill's evidence chain includes ingestion from skills.sh, use of the distiller.py validation script, and capabilities for filesystem writes and network API calls.
Audit Metadata