skill-snitch
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Category 8: Indirect Prompt Injection (LOW): As a security scanner, the skill is naturally exposed to indirect prompt injection from the untrusted skill code it analyzes.
  - Ingestion points: External skill data via FETCH-SCAN (URL) and AUDIT (File path) methods in CARD.yml.
  - Boundary markers: Uses a structured methodology (SCAN-METHODOLOGY.md) and distinct analysis phases (Bash pattern matching vs. LLM semantic review) to isolate untrusted data from the audit logic.
  - Capability inventory: File system access and shell execution are performed via the cursor-mirror dependency to facilitate auditing.
  - Sanitization: The skill is specifically designed to detect and ignore deceptive claims ('The German toilet approach') made by the analyzed content, treating analyzed text as data to be evaluated rather than instructions to follow.
- Category 4: Unverifiable Dependencies & Remote Code Execution (SAFE): The skill requires cursor-mirror to function. It uses network access to fetch remote skills from GitHub for auditing via the FETCH-SCAN method. These activities are essential for its purpose as a security tool and involve processing content within the LLM's context rather than direct execution on the host machine.
- Category 2: Data Exposure & Exfiltration (SAFE): The skill includes numerous patterns for detecting credentials and data exfiltration (e.g., in patterns/secrets.yml and patterns/exfiltration.yml). These are signatures used for detection, not functional exfiltration code. No hardcoded credentials for the skill itself were found.
Audit Metadata