skill-installer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill ingests data from local SKILL.md files when searching for marketplace items. This represents a theoretical surface where malicious documentation could attempt to influence agent behavior. However, the skill lacks dangerous capabilities (like shell execution or network access) that would make such an injection high-risk.
      • Ingestion points: index.ts reads content from marketplace-defined paths using fs.readFile.
      • Boundary markers: Absent; documentation content is returned as-is to the agent context.
      • Capability inventory: Limited to fs.readFile and fs.writeFile within the local project structure. No shell access or network capabilities.
      • Sanitization: None performed on the extracted documentation text.
  • File Access (SAFE): Operations are confined to reading marketplace.json and writing installed_skills.json within the designated project directory structure. No sensitive system files or credentials are accessed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:20 PM