skill-validator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's functionality is limited to read-only validation of local files and directories as requested by the user.
- [SAFE]: The script validate_skill.py uses yaml.safe_load() to parse frontmatter, which prevents the execution of arbitrary code via malicious YAML tags.
- [SAFE]: No network operations, credential access, or persistence mechanisms were found in the provided code.
- [PROMPT_INJECTION]: The skill processes external manifest files (SKILL.md) which creates a surface for indirect prompt injection.
  - Ingestion points: The script reads the content of SKILL.md from user-provided directory paths.
  - Boundary markers: The validator generates a report but does not explicitly wrap untrusted content in delimiters.
  - Capability inventory: The skill is restricted to local file reads and does not have command execution or network capabilities.
  - Sanitization: It implements regex-based validation for specific fields and uses secure YAML parsing.
Audit Metadata