skill-share

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | DATA_EXFILTRATION | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill provides a surface for indirect injection by processing untrusted user input.
      • Ingestion points: The skill ingests 'skill name' and 'description' from user prompts to generate documentation and Slack notifications.
      • Boundary markers: None identified; the skill does not specify delimiters to separate untrusted metadata from generated script templates or Slack messages.
      • Capability inventory: The skill has file-write permissions (to create directories and SKILL.md), archive creation capabilities (zip), and network access (SLACK_SEND_MESSAGE via Rube).
      • Sanitization: No evidence of input validation or sanitization is present in the manifest to prevent malicious instructions in the description from influencing the agent or the Slack recipients.
  • Data Exfiltration (LOW): The skill is designed to transmit local skill data to an external Slack workspace. While this is the intended functionality, it constitutes a data exposure risk if sensitive information is inadvertently included in the 'references/' or 'assets/' directories being packaged.
  • Command Execution (LOW): The skill documentation mentions Python 3.7+ requirements and 'skill creation scripts'. While no specific shell commands are present in this manifest, the intended behavior involves the execution of local scripts and system utilities for packaging (zip) and directory management.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:08 PM