Skills
skills/mindfold-ai/docs/contribute/Gen Agent Trust Hub

contribute

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user/agent to execute git clone https://github.com/mindfold-ai/docs.git. Because the organization mindfold-ai is not included in the pre-approved list of trusted GitHub organizations, this is treated as an unverifiable external source.
  • COMMAND_EXECUTION (MEDIUM): The skill includes development setup instructions such as pnpm install, pnpm dev, and pnpm verify. The pnpm install command downloads and potentially executes arbitrary lifecycle scripts from the npm registry, which is a risk when the repository source is not trusted.
  • PROMPT_INJECTION (LOW): The skill is designed to ingest and process documentation files (.mdx) and configuration files (docs.json). This creates a surface for indirect prompt injection if the content of these documentation files is modified by an external contributor. Evidence: Ingestion points in docs.json and various .mdx files; Capability: Subprocess calls via pnpm scripts.
  • CREDENTIALS_UNSAFE (SAFE): No hardcoded credentials, API keys, or sensitive environmental paths were identified in the provided markdown file.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:28 PM