Skills
skills/sundial-org/awesome-openclaw-skills/skills-audit/Gen Agent Trust Hub

skills-audit

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing or running the 'skilllens' package via 'npx' or 'pnpm', which fetches code from the NPM registry. This tool is presented as the primary resource for the skill's stated purpose.
  • [COMMAND_EXECUTION]: The workflow involves running shell commands such as 'skilllens scan' and 'skilllens config' to perform audits of local directories.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface. 1. Ingestion points: Reads 'SKILL.md' and associated assets from local directories being audited. 2. Boundary markers: No explicit delimiters or 'ignore instructions' warnings are specified for the auditing process. 3. Capability inventory: Uses a CLI tool to scan file contents and generate risk reports. 4. Sanitization: No automated sanitization is described; the workflow relies on manual human review of the findings.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 09:48 AM