skillsmp-search
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is designed to download SKILL.md files from arbitrary GitHub repositories identified via the SkillsMP API.
  - These downloaded files are saved locally and act as executable instructions for the agent, creating a risk if the source repository is malicious.
- [COMMAND_EXECUTION]: Shell commands are used for networking and local file access.
  - The skill utilizes curl to communicate with the SkillsMP API and to fetch remote files from raw.githubusercontent.com.
  - It executes cat to retrieve the stored API key from the local filesystem for authorization.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through community-contributed content.
  - Ingestion points: External SKILL.md files are downloaded and processed during the comparison and installation workflows.
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the ingested skill files.
  - Capability inventory: The skill possesses the ability to execute network requests via curl, read local files, and write new skill files to the filesystem.
  - Sanitization: The process performs basic frontmatter validation but does not include an audit or sanitization of the instructional content within the downloaded skills.
Audit Metadata