skill-capture

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill demonstrates safe behavior, focusing on internal knowledge management without external network dependencies or obfuscated code.
  • [DATA_EXPOSURE]: The skill identifies sensitive data as an anti-pattern and provides instructions to explicitly exclude proprietary or personal information during the workflow capture process (referenced in 'What to Capture' section).
  • [COMMAND_EXECUTION]: The skill utilizes a local script (scripts/package_skill.py) for package validation. This is a standard project-local utility and does not involve remote code execution or privilege escalation.
  • [PROMPT_INJECTION]: The skill ingests untrusted conversation data as its primary input. To mitigate indirect prompt injection, it implements a structured distillation process (Phase 4) that requires generalizing content and removing specific identifiers, effectively sanitizing the data before it is persisted as a new skill (Ingestion: Conversation history; Boundaries: Phase 4 generalization rules; Capabilities: File creation and local script execution; Sanitization: Explicit removal of hardcoded values and sensitive info).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 09:45 AM