better-skill-review
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python and shell scripts (`scripts/validate.py` and `scripts/analyze.sh`) to perform automated validation and profile extraction of the target skill directory.
- [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface as it is designed to ingest and review content from external, potentially untrusted skills.
  - Ingestion points: In Step 5 (Semantic Review), the agent reads the full content of the target skill's `SKILL.md` and associated files.
  - Boundary markers: The automated analysis provides structured JSON output, but the semantic analysis relies on reading raw markdown without specialized delimiters.
  - Capability inventory: The agent can execute shell commands, Python scripts, and has file-writing capabilities through the 'Interactive Improvement' step (Step 7).
  - Sanitization: While the linter checks for secrets, it does not sanitize the target skill's instructions before they are processed by the LLM.
- [SAFE]: The linter script (`validate.py`) includes specific logic to detect security risks in the skill under review, such as hardcoded API keys (OpenAI, GitHub, AWS), Slack tokens, and PII (emails), which is a security best practice for development tools.
Audit Metadata