skill-updater
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches skill definitions and research data from external sources including GitHub and arXiv.org. Evidence: SKILL.md Step 2A uses the GitHub API to fetch content from the VoltAgent/awesome-agent-skills repository, and Step 2.2 uses WebFetch for arXiv.org queries.
- [COMMAND_EXECUTION]: Executes shell commands to process fetched data and manage the local skill ecosystem. Evidence: SKILL.md Step 2A uses bash pipes (base64, grep) to process API responses. scripts/main.cjs uses child_process.spawnSync to run maintenance tools such as generate-skill-index.cjs and update local routing tables.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it ingests and processes external markdown files, which may contain malicious instructions. It attempts to mitigate this via a 'Security Review Gate'.
  - Ingestion points: External content fetched via GitHub API and WebFetch as described in SKILL.md Step 2.
  - Boundary markers: Explicit 'Security Review Gate' instructions in SKILL.md designed to filter incoming content.
  - Capability inventory: Bash execution, file read/write (scripts/main.cjs), and tool invocation (WebFetch, Skill).
  - Sanitization: Prompt-based pattern scanning for injection, exfiltration, and privilege escalation markers.