skill-scanner
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the uv run command to execute a local Python script (scripts/scan_skill.py) for automated security analysis. This is a standard and justified use of command execution for a security tool that performs file-based scanning.
- [INDIRECT_PROMPT_INJECTION]: The skill has an indirect prompt injection surface because its primary function is to ingest and analyze untrusted content from other skills.
  - Ingestion points: The agent reads the SKILL.md, scripts, and directory contents of third-party skills provided by the user.
  - Boundary markers: The instructions establish a multi-phase workflow (Phases 1-8) to separate discovery, automated scanning, and manual analysis, though it lacks explicit technical delimiters for external content.
  - Capability inventory: The skill has access to directory listing (ls) and script execution (uv run).
  - Sanitization: The skill incorporates defensive instructions, explicitly warning the agent to distinguish between security documentation (legitimate) and active exploits (malicious), and provides structured reference patterns to guide the evaluation.