ai-do

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes shell commands such as ls skills/ and ls ~/.claude/skills/ to discover which skill components are already installed in the user's environment.
  • [EXTERNAL_DOWNLOADS]: Fetches skill documentation, including SKILL.md, examples.md, and reference.md, from the lebsral/DSPy-Programming-not-prompting-LMs-skills GitHub repository to ensure the router has the latest information for its recommendations.
  • [PROMPT_INJECTION]: Acts as an indirect prompt injection surface by ingesting user-supplied descriptions of AI tasks to generate prompts for other skills. This risk is mitigated by a multi-step discovery process where the agent is instructed to ask clarifying questions before finalizing a routing command.
  • [COMMAND_EXECUTION]: Recommends the use of the npx skills add command to install missing components from the author's official repository as part of the routing workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 03:03 PM