integrate-skill
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the openskills read command to access content from other skills for integration purposes.
- [EXTERNAL_DOWNLOADS]: The skill includes instructional templates for installing dependencies via npm, pnpm, or yarn as required by the integrated skills.
- [PROMPT_INJECTION]: The skill ingests data from external skills which creates an indirect prompt injection surface. * Ingestion points: Content retrieved via openskills read in SKILL.md. * Boundary markers: No explicit delimiters or ignore-instructions warnings are used when processing the skill content. * Capability inventory: File-write access to the .trellis directory, subprocess execution for package managers, and command creation via /trellis:create-command. * Sanitization: No explicit sanitization of the external content is performed before interpolation into guidelines.
Audit Metadata