skill-seekers
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The documentation provides examples of setting environment variables for GitHub and Anthropic API keys using safe placeholders such as 'ghp_your_token_here' and 'sk-ant-...'. It correctly advises users to manage secrets via environment variables rather than hardcoding them.
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install dependencies and the core tool from trusted or well-known sources including PyPI ('skill-seekers', 'requests', 'beautifulsoup4') and official GitHub repositories.
- [PROMPT_INJECTION]: As a tool designed for scraping and processing external content (websites, GitHub repos, PDFs), it possesses an inherent surface for indirect prompt injection where malicious instructions in the source material could influence output. * Ingestion points: 'skill-seekers scrape', 'skill-seekers github', and 'skill-seekers pdf' commands. * Boundary markers: Not explicitly defined in the provided instructional text. * Capability inventory: The skill utilizes shell command execution, performs network operations for scraping, and writes data to the local file system. * Sanitization: The instructions do not specify manual sanitization steps, relying on the internal processing logic of the 'skill-seekers' tool.
Audit Metadata