skill-integrator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Data Exposure & Exfiltration] (SAFE): The scripts analyze-project.ts and scan-skills.ts request read access (--allow-read) to examine project structures and metadata files (like package.json and SKILL.md). There are no network operations, hardcoded credentials, or file-writing capabilities detected.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): The scripts are self-contained Deno scripts using standard library features. They do not import external packages or download remote code.
  • [Indirect Prompt Injection] (LOW): scan-skills.ts parses SKILL.md files, which are external data. While an attacker could put misleading metadata in these files to influence the scanner's output, the script itself has no dangerous capabilities (no subprocesses or network access) to exploit.
      • Ingestion points: scripts/scan-skills.ts reads SKILL.md from the .claude/skills/ directory.
      • Boundary markers: Uses standard markdown YAML frontmatter delimiters (---).
      • Capability inventory: Limited strictly to Deno.readTextFile, Deno.readDir, and console logging. No network or shell execution.
      • Sanitization: Uses regex for extraction; does not execute or evaluate the content of the files.
  • [Dynamic Execution] (SAFE): No use of eval(), Function(), or dynamic code generation was found.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:32 PM