skill-enhancer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill relies on an external tool called `skill-seekers`. The documentation points to github.com/jmagly/Skill_Seekers as the source, which is not an approved trusted repository. Executing third-party tools from unverified sources to modify local files presents a significant security risk.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from `references/*.md` and uses AI to transform this content into documentation that often contains executable code blocks.
  - Ingestion points: `output/<skill-name>/references/*.md` (external content processed at runtime).
  - Boundary markers: Absent. While the skill contains instructional warnings to "not hallucinate," there are no technical delimiters separating the instructions from the untrusted data being analyzed.
  - Capability inventory: The skill performs file system modifications (`cp`, `mv`, `write`) and executes the `skill-seekers` tool, which can further interact with the system.
  - Sanitization: None detected. The skill directly reads and processes the content of the reference files.
- CREDENTIALS_UNSAFE (MEDIUM): The documentation explicitly instructs the user to `export ANTHROPIC_API_KEY=sk-ant-...`. This practice encourages users to place sensitive API keys in plaintext in their shell environment and command history, increasing the risk of credential exposure.
- COMMAND_EXECUTION (LOW): The skill uses shell commands like `cp`, `mv`, and `grep` on paths containing the variable `<skill-name>`. If the skill name is not properly sanitized, it could lead to path traversal or command injection vulnerabilities.
Recommendations
- AI detected serious security threats
Audit Metadata