skill-sync
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [Command Execution] (LOW): The skill utilizes the Bash tool to execute its own internal script ./skills/skill-sync/assets/sync.sh. This is the intended primary purpose of the skill to facilitate metadata syncing.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted content from various SKILL.md files and writes it into AGENTS.md files. This creates a surface where a malicious skill could inject instructions into common documentation used by other agents.
  - Ingestion points: skills/*/SKILL.md (metadata fields).
  - Boundary markers: Absent in the generated markdown tables.
  - Capability inventory: Read, Edit, Write, Bash (via sync.sh).
  - Sanitization: No mention of escaping or sanitizing metadata content before interpolation into documentation.
Audit Metadata