skill-hide
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill's primary functionality is to perform local file renames to enable or disable other skills, which is handled via standard Python file system modules.
- [COMMAND_EXECUTION]: The skill uses Python scripts to list directories and rename files. Analysis confirms these operations are strictly limited to the skill's stated purpose of managing 'SKILL.md' files and do not allow for arbitrary command execution.
- [DATA_EXPOSURE]: The skill records a history of operations and stores configuration paths in a local JSON file ('.skill-config.json'). This data remains local and does not include sensitive system credentials or private information.
- [PROMPT_INJECTION]: The 'SKILL.md' file contains instructions to the AI on how to handle specific user inputs and clarify ambiguous terms. These are standard prompt engineering techniques to improve reliability and do not attempt to bypass safety filters or override the core behavior of the AI agent.