skill-laws
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious instructions, obfuscation techniques, or data exfiltration attempts were detected. The skill operates within the expected local environment boundaries for skill management.
- [COMMAND_EXECUTION]: The skill instructs the agent to use standard shell commands such as
mkdir -pandLSto manage the.skills/directory structure. These actions are used for local workspace organization and do not involve privilege escalation or risky parameter passing. - [SAFE]: An indirect prompt injection surface exists as the skill reads and processes external SKILL.md files for optimization and evaluation. Ingestion points: Target SKILL.md files read via the
Readtool. Boundary markers: None explicitly defined. Capability inventory:mkdir,Write,Read,SearchReplace, andLS. Sanitization: None identified. This surface is considered safe given the skill's context as a structural auditing tool that does not execute the contents of the files it reads.
Audit Metadata