build-docs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill uses `git` and `curl` to fetch external content from repositories and URLs defined in local configuration files. While intended for documentation, this creates a vector for ingesting untrusted data.
- [COMMAND_EXECUTION] (LOW): Executes shell commands including `ls`, `jq`, `test`, `git`, and `curl` to manage files and download data. These operations are limited to the skill's defined workspace.
- [INDIRECT_PROMPT_INJECTION] (LOW): (Category 8)
  - Ingestion points: External documentation files (Markdown) fetched via Git/Curl and local JSON configuration files in `vault/configs/`.
  - Boundary markers: Absent. The skill does not implement delimiters or instructions to ignore embedded prompts within the source documentation during the 'AI filtering' phase.
  - Capability inventory: The skill can perform network downloads, filesystem writes, and install/link new agent skills, providing a path for poisoned documentation to influence agent behavior.
  - Sanitization: Absent. There is no evidence of content sanitization before documentation is parsed into the generated `SKILL.md`.
- [DYNAMIC_EXECUTION] (LOW): The skill dynamically generates and installs new `SKILL.md` files at runtime. This 'Skill Generator' pattern is the primary purpose of the tool but remains a risk if the source content is malicious.
- [PERSISTENCE_MECHANISMS] (LOW): Uses `olore install` to copy generated skills to `~/.olore`, maintaining these new capabilities across agent sessions.
Audit Metadata