skill-reviewer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE] (SAFE): The skill consists entirely of instructional markdown and a YAML manifest. No executable scripts (.py, .js, .sh) are included or referenced for execution.
  • [COMMAND_EXECUTION] (SAFE): The allowed tools are restricted to 'Read' and 'Glob', which are appropriate for the stated purpose of reviewing file structures and content without risk of arbitrary command execution or privilege escalation.
  • [DATA_EXFILTRATION] (SAFE): No network-enabled tools or operations (e.g., curl, fetch, requests) are requested or used. There are no hardcoded credentials and no accesses to sensitive file paths.
  • [PROMPT_INJECTION] (SAFE): The instructions are designed to provide a structured review process. There are no attempts to bypass safety filters, extract system prompts, or override agent constraints.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill's primary function is to ingest and analyze untrusted third-party skill files. While this creates a surface for indirect prompt injection (where a reviewed skill could attempt to influence the reviewer's report), the lack of high-privilege tools like 'exec' or network access limits the potential impact to the accuracy of the review report itself.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:38 PM