skill-master

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents and utilizes the !command syntax for dynamic context injection, which allows shell commands to be executed by the agent to gather live system or project state. This is a core feature of the Agentskills specification.
  • [COMMAND_EXECUTION]: The improve_description.py and run_eval.py scripts execute the claude CLI tool via the Python subprocess module to perform automated skill evaluation and description optimization loops.
  • [EXTERNAL_DOWNLOADS]: The 'Docs Ingestion Workflow' described in references/docs-ingestion.md involves an autonomous loop that fetches external content from remote URLs to summarize and create reference notes. This uses the agent's fetching capabilities for legitimate documentation aggregation.
  • [PROMPT_INJECTION]: The improve_description.py script processes untrusted skill content by interpolating it into a meta-prompt for optimization. This represents an indirect prompt injection surface (Category 8), which the script attempts to mitigate by using XML-like tags to delimit untrusted data and instructing the model to focus on the optimization task.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 12:47 PM