skill-updater

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest, read, and process content from external skill directories or .skill archives provided by the user.
      • Ingestion points: The analyze_skill.py script reads SKILL.md files; the instructions direct the agent to cat <skill-path>/SKILL.md directly into the conversation context, and unzip archives to temporary directories.
      • Boundary markers: Absent. The instructions do not specify the use of XML tags or other delimiters to isolate the untrusted content from the agent's instructions, nor do they warn the agent to ignore instructions found within analyzed files.
      • Capability inventory: The skill has the capability to execute shell commands (bash, unzip, cat), run Python scripts (analyze_skill.py, quick_validate.py), and modify files on the local system.
      • Sanitization: Absent. There is no evidence of sanitization or filtering of the content read from external skill files before it is processed or displayed to the agent.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 20, 2026, 04:59 PM