creating-effective-skills
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (NO_CODE)
Full Analysis
- Prompt Injection (SAFE): No instructions to bypass safety filters or ignore prior instructions were found. The skill uses standard instructional language to define its own behavior.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths detected. The skill correctly advises on using specific, non-destructive tool permissions and warns against broad permissions like Bash(git:*).
- Remote Code Execution (SAFE): The skill does not contain executable code, download scripts from external sources, or execute remote commands.
- Privilege Escalation (SAFE): No attempts to acquire elevated permissions (sudo, chmod) detected. The skill explicitly encourages least-privilege principles for Bash tool usage.
- Indirect Prompt Injection (SAFE): While the skill processes user input to generate new files, it includes mandatory clarification steps and scope validation (Steps 1 and 2), which serve as effective mitigations against processing malicious data blindly.
Audit Metadata