skills/montimage/skills/skill-auditor/Gen Agent Trust Hub

skill-auditor

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a restricted set of permitted shell commands, including mktemp, git clone, and a custom Python script, to perform its auditing functions. These operations are protected by path validation logic that ensures temporary workspaces are correctly scoped and that no shell environment hooks are triggered during the analysis of untrusted files.
  • [EXTERNAL_DOWNLOADS]: Content is downloaded from remote GitHub repositories for security evaluation. The skill enforces strict URL validation rules to prevent the processing of malicious links containing path traversal sequences or embedded credentials, and it performs shallow clones to minimize the data footprint.
  • [PROMPT_INJECTION]: As an auditor of third-party content, the skill is naturally exposed to indirect prompt injection. This risk is mitigated through explicit architectural instructions that command the agent to treat all target file content as data to be analyzed rather than instructions to be obeyed, coupled with a requirement to ignore any directives found within the audited files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 03:37 AM