skill-from-github
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests and processes untrusted data from external sources.
- Ingestion points: The workflow involves reading README files, core source files, and documentation from any GitHub project selected by the user or agent (SKILL.md, Step 4).
- Boundary markers: There are no explicit boundary markers or instructions to the agent to treat content within the GitHub projects as untrusted data or to ignore any embedded directives.
- Capability inventory: While the skill itself primarily performs information gathering, its final step is to execute the
/create-skillcommand (SKILL.md, Step 6), which creates new persistent instructions for the agent based on the extracted information. - Sanitization: No sanitization, filtering, or validation mechanisms are defined to ensure that instructions extracted from the GitHub project are safe or do not contain injection attempts.
Audit Metadata