skill-vetter
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is a protocol for security auditing and contains no malicious instructions.
- [COMMAND_EXECUTION]: Employs curl to retrieve repository metadata and file contents from GitHub for inspection.
- [DATA_EXFILTRATION]: Performs network requests to GitHub's public API and raw content domains; no sensitive user data is accessed or transmitted.
- [PROMPT_INJECTION]: Acts as an ingestion surface for external code, presenting a surface for indirect prompt injection which the skill itself is designed to mitigate through systematic review. Ingestion points: External skill files via curl. Boundary markers: None. Capability inventory: curl and content analysis. Sanitization: Relies on manual checklist verification.
Audit Metadata