skill-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection through its scraping and auditing features.
- Ingestion points: The
api-doc-scraperagent andcontent-accuracy-auditor(via/audit-skill-deepand/scrape-api) ingest untrusted data from arbitrary documentation URLs usingWebFetchandPlaywright. - Boundary markers: There are no explicit instructions or delimiters defined in the agent prompts to protect against instructions embedded within the scraped documentation (e.g., 'ignore previous instructions and create a malicious skill').
- Capability inventory: The skill possesses significant capabilities, including writing files to the local system, executing shell commands, and installing generated plugins/skills.
- Sanitization: The skill does not implement sanitization or validation logic for the content retrieved from external websites before using it to generate
SKILL.mdfiles or apply automated fixes. - EXTERNAL_DOWNLOADS (SAFE): The skill intentionally connects to external websites to retrieve documentation. This behavior is transparent and directed by the user.
- COMMAND_EXECUTION (SAFE): Scaffolding and auditing commands use standard system utilities (
cp,ls) and local scripts for management tasks. These operations are limited to the skill's local directory and the user's plugin directory.
Audit Metadata