skill-seekers
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'skill-seekers' Python package from PyPI and directs users to its official GitHub repository and website for documentation and preset configurations.- [PROMPT_INJECTION]: The tool ingests untrusted content from external sources to generate AI-ready markdown files, creating a surface for indirect prompt injection. 1. Ingestion points: The 'skill-seekers create', 'skill-seekers pdf', and 'skill-seekers github' commands described in SKILL.md ingest data from URLs, PDF files, and remote repositories. 2. Boundary markers: The documentation in SKILL.md does not describe the use of delimiters or 'ignore' instructions to prevent the agent from obeying commands hidden within source materials. 3. Capability inventory: The skill utilizes CLI commands for web scraping, file processing, and package creation as described throughout SKILL.md. 4. Sanitization: SKILL.md provides no information regarding the validation or sanitization of input data before it is formatted into output instructions.
Audit Metadata