xzskill
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill serves as a development utility to maintain consistency across platform-specific command files.
- [COMMAND_EXECUTION]: The skill delegates its primary logic to a local repository script at
scripts/xzskill.js. The instructions strictly limit the script's operations to specific directories (skills/,.claude/commands/,.github/skills/,.trae/) and prevent the execution of arbitrary or user-supplied commands. - [PROMPT_INJECTION]: The skill includes defensive instructions to prevent self-referential generation (avoiding
xzskillprocessing itself) and mandates that the agent treats placeholders like$ARGUMENTSas literal text to prevent command injection or unintended expansion during file generation.
Audit Metadata