Skills
skills/mcollina/skills/snipgrapher/Gen Agent Trust Hub

snipgrapher

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and execute the snipgrapher package from the npm registry, which is a standard well-known service for Node.js tools.\n- [COMMAND_EXECUTION]: The skill relies on shell commands like snipgrapher render and snipgrapher init to perform its primary rendering and configuration tasks.\n- [PROMPT_INJECTION]: The skill processes user-supplied source code files, creating a potential surface for indirect prompt injection.\n
  • Ingestion points: Source files (e.g., file.ts) provided as input to the render command in SKILL.md and rules/rendering-workflows.md.\n
  • Boundary markers: There are no explicit instructions or delimiters used to separate the content of the source files from the agent's operating instructions.\n
  • Capability inventory: The agent can execute CLI commands and interact with the file system while performing rendering tasks.\n
  • Sanitization: The instructions do not specify any validation or sanitization of the input file names or their content before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 12:41 AM