skill-hunter
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection. The skill retrieves 'SKILL.md' files from arbitrary third-party GitHub repositories. These files could contain malicious natural language instructions that influence the agent's behavior when processed at runtime.
  * Ingestion points: The discovery script discovery_phase_1_v3.py fetches content directly from the GitHub API.
  * Boundary markers: None observed in the skill's logic for wrapping or delimiting external data.
  * Capability inventory: The skill has the ability to read and write local files and make network requests to GitHub, though it does not execute the downloaded content directly.
  * Sanitization: No explicit sanitization or validation of the remote content is implemented before it is presented to the agent.
- [EXTERNAL_DOWNLOADS]: Fetches skill data and repository metadata from GitHub's official API. This behavior is documented neutrally as it targets a well-known service essential for the skill's primary discovery function.
Audit Metadata