skill-refiner
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Command Execution] (LOW): The skill executes local shell scripts ('find_skills.sh', 'skill-refiner.sh') and Python scripts ('audit_skill.py') to traverse the workspace and analyze compliance. These operations are limited to the local environment and are consistent with the skill's maintenance purpose.
- [Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted content from the workspace. Ingestion points: The 'audit_skill.py' script reads and parses 'SKILL.md' files found throughout the workspace. Boundary markers: There are no explicit delimiters or safety warnings used to prevent the content of audited files from being interpreted as instructions by the agent. Capability inventory: The agent is instructed in the 'SKILL.md' workflow to perform potentially destructive actions, including deleting 'extraneous' files (README.md, CHANGELOG.md), moving directories, and rewriting file contents based on the audit output. Sanitization: While the Python script uses regex to validate YAML frontmatter structure, it does not sanitize the body text or ensure the audited content cannot manipulate the agent's subsequent 'fixing' phase.
Audit Metadata