Skills
skills/jamie-bitflight/claude_skills/fact-check/Gen Agent Trust Hub

fact-check

Warn

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill explicitly instructs the agent to use npx <tool> --help as valid evidence for claim verification. This allows the agent to download and execute arbitrary code from the NPM registry if the tool is not locally present.
  • [COMMAND_EXECUTION]: The skill performs several potentially dangerous shell operations, including git push, uv run, and gh api. These commands are executed as part of the automated workflow after processing external information.
  • [DATA_EXFILTRATION]: The automated git push -u origin HEAD operation could be used to exfiltrate data or commit malicious changes to the repository if the agent is influenced by untrusted external content.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing untrusted web content.
  • Ingestion points: WebFetch, WebSearch, and gh API tools (SKILL.md).
  • Boundary markers: None provided for the fetched external content.
  • Capability inventory: npx, uv run, git push, and gh api (SKILL.md).
  • Sanitization: None described for processing external web content before use in prompts or commands.
  • [EXTERNAL_DOWNLOADS]: The use of npx involves downloading packages from the public NPM registry at runtime, which poses a supply chain risk if the package name is derived from untrusted input.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 28, 2026, 12:17 AM