review-a-skill

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses npx to run shell commands for previewing, validating, and curating other skills. These commands are necessary for the skill's defined workflow and are executed in the context of skill library management.
  • [EXTERNAL_DOWNLOADS]: The use of npx involves downloading the ai-agent-skills package from the npm registry if it is not already available locally. This is a standard mechanism for executing Node.js-based tooling.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes content from external skill files. This is mitigated by the tool's design.
    • Ingestion points: Skill content is read from the local file system using the preview and validate commands as defined in SKILL.md.
    • Boundary markers: Documentation indicates that the preview command includes a sanitization step for the content it displays and warns the user to investigate if sanitization flags are triggered.
    • Capability inventory: The skill possesses the ability to curate, verify, and delete skill files via the curate command.
    • Sanitization: Content is sanitized by the underlying preview tool before being presented to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 3, 2026, 04:17 PM