skills-audit
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the agent to execute 'npx skilllens scan' or install the 'skilllens' package globally. This package is not from a trusted organization list. Running unverified third-party binaries from a public registry poses a supply-chain risk.
- [COMMAND_EXECUTION] (LOW): The skill is designed to run shell commands to perform audits. While this is the intended functionality, it involves executing external code on the host system.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes content from other skills. 1. Ingestion points: Contents of 'SKILL.md' and referenced files in the directory being scanned. 2. Boundary markers: Absent; there are no instructions to the agent to disregard instructions found within the audited files. 3. Capability inventory: Execution of the 'skilllens' CLI. 4. Sanitization: Absent; the skill does not describe any methods for filtering or escaping content from the audited skills before reporting.
Audit Metadata