skill-share
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill includes features to package local directories into zip archives and send metadata to a Slack workspace via Rube. This combination of capabilities allows for potential exfiltration of sensitive local data if the agent is manipulated into packaging unauthorized folders or including private information in the transmitted Slack notifications.
- [COMMAND_EXECUTION]: The documentation indicates the use of Python scripts to automate the creation of directory structures and files. The dynamic creation of paths and files based on user-supplied 'skill names' poses a risk of directory traversal or command injection if the underlying scripts do not properly sanitize these inputs during execution.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by incorporating untrusted user-supplied strings for names and descriptions into generated files and Slack message blocks.
  - Ingestion points: User-provided skill name and description fields used during the initialization step.
  - Boundary markers: None documented. There are no instructions or delimiters provided to ensure the agent or Slack recipients treat embedded content as data rather than instructions.
  - Capability inventory: Write access to the local file system, zip packaging, and external communication via the Slack API.
  - Sanitization: None documented. No validation or escaping of user input is mentioned prior to its use in generating system artifacts or messaging content.
- [EXTERNAL_DOWNLOADS]: The skill metadata references a source repository hosted on GitHub under the 'ComposioHQ' organization.
Audit Metadata