aios-skill-publisher
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell operations including mkdir for directory creation, and a sequence of git commands (git add, git commit, git push) to publish generated content to the mrnobrands/aios-skills repository.
- [EXTERNAL_DOWNLOADS]: The skill executes npx to install software from the vendor's repository (mrnobrands/aios-skills), which is a core function of the skill's deployment process.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
  - Ingestion points: User input is gathered in Step 1 to define the skill's purpose and trigger phrases.
  - Boundary markers: The skill lacks specific delimiters to isolate user-provided text when writing the SKILL.md file in Step 5.
  - Capability inventory: The skill possesses capabilities to write to the local filesystem and execute network operations via Git and npx.
  - Sanitization: Validation steps are limited to length and format checks, without escaping or filtering potentially malicious instructions that could be embedded in the user's requirements.
Audit Metadata