competency-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The script scripts/scaffold.ts imports the parse_args.ts utility from https://deno.land/std@0.224.0/. This is the official Deno standard library and uses a pinned version, which is common practice but qualifies as an external dependency.
  • COMMAND_EXECUTION (LOW): The generator script is configured to run with --allow-write permissions. This grants the skill the capability to write or overwrite files on the local filesystem at paths specified by the agent or user.
  • INDIRECT_PROMPT_INJECTION (LOW): The script ingests untrusted data from command-line arguments and interpolates it directly into a generated markdown template without sanitization.
      • Ingestion points: Deno.args (topic and audiences) in scripts/scaffold.ts.
      • Boundary markers: Absent in the output generation logic.
      • Capability inventory: File system write access (Deno.writeTextFileSync).
      • Sanitization: Absent; the script directly concatenates input strings into the scaffold content.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:27 PM