skill-share

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION | COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes user-supplied names and descriptions to generate file content and Slack messages. Ingestion points: User inputs for skill name and description. Boundary markers: Absent. Capability inventory: File system writes, ZIP creation, and Slack messaging via Rube. Sanitization: None described. Mitigation: Use strict schema validation for inputs and sanitize content before interpolation.
  • Data Exfiltration (LOW): The skill performs network operations via Slack (Rube) to a non-whitelisted domain. While intended for sharing metadata, this capability could be used to send sensitive information if not properly scoped.
  • Dynamic Execution (LOW): Documentation indicates the creation of a 'scripts/' directory. Generating executable files from user-influenced metadata is a surface for low-complexity script generation risks.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:44 PM