fuzzy-selecting

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill provides extensive examples of using fzf in conjunction with other tools like kill, vim, and git. These are standard developer and system administrator workflows. While fzf supports arbitrary command execution via --preview and --bind flags, the usage documented here is for legitimate interactive selection purposes.
  • [INDIRECT_PROMPT_INJECTION] (SAFE): The skill acts as an interface for processing arbitrary list data from STDIN or the file system. While this constitutes an attack surface if an agent interprets data as instructions, the skill does not include any malicious triggers.
    • Ingestion points: STDIN, File System, and output from discovery tools like fd or ps (SKILL.md, fzf-guide.md).
    • Boundary markers: Absent. The skill does not specify delimiters for separating data from instructions.
    • Capability inventory: kill, rm, vim, npm uninstall, eval, and git (reference/fzf-guide.md).
    • Sanitization: Absent. Input is typically passed directly to subsequent commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:10 PM