skill-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): Detected Indirect Prompt Injection surface (Category 8).
- Ingestion points: The skill is designed to process and analyze content from other skills (SKILL.md, references) and external documentation fetched from the web using WebFetch/Context7.
- Boundary markers: The provided methodology does not specify any delimiters or safety instructions to prevent the agent from following malicious instructions embedded in the audited skills or fetched documentation.
- Capability inventory: The skill methodology includes 'Phase 14: Fix Implementation' which performs automated file modifications ('Auto-fix') and 'Phase 15: Post-Fix Verification' which executes 'discovery tests.' The report template also mentions a script
./scripts/review-skill.sh. - Sanitization: No sanitization or validation of the untrusted content is described before it is used to influence file writes or command execution.
- EXTERNAL_DOWNLOADS (LOW): The audit methodology references a non-whitelisted external domain (
blog.fsck.com) and describes a workflow that relies on fetching remote content viaWebFetch. - COMMAND_EXECUTION (LOW): The methodology references executing local automation scripts (
./scripts/review-skill.sh) and running 'skill discovery tests,' which might involve executing code or configurations from the skills being audited.
Audit Metadata