skill-best-practices
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (scripts/validate-metadata.py) to validate metadata inputs. This is a deterministic tool used for procedural validation within the skill-authoring workflow.
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection by ingesting untrusted metadata and using it as arguments in a shell command.
  - Ingestion points: metadata fields in SKILL.md Step 1.
  - Boundary markers: absent in the command template.
  - Capability inventory: subprocess call to python3 in SKILL.md.
  - Sanitization: the validation script performs regex-based filtering on the provided arguments.
- [DATA_EXPOSURE]: No access to sensitive files, environment variables, or credentials was observed. The skill operates entirely on the text provided for metadata validation.
- [REMOTE_CODE_EXECUTION]: No remote script downloads, untrusted package installations, or remote code execution patterns were detected. All logic is contained within the local skill directory.
Audit Metadata