skill-generate
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and process untrusted content from external sources.
- Ingestion points: Step 2b and the Regeneration mode explicitly instruct the agent to search and read GitHub issues and discussions.
- Boundary markers: There are no instructions to use delimiters or 'ignore' directives when processing the fetched community content.
- Capability inventory: The skill's output is a SKILL.md file intended to be loaded into the context window of other AI agents, potentially propagating malicious instructions found in the source material.
- Sanitization: The instructions lack a verification or sanitization step to ensure that content extracted from GitHub does not contain adversarial instructions meant to hijack the downstream agent's behavior.
- [EXTERNAL_DOWNLOADS]: The skill fetches source documentation and community feedback (issues/discussions) from GitHub repositories. This is a standard operation for the skill's purpose and targets a well-known service.
Audit Metadata