skills/tbsten/mir/mir-extract-snippet/Gen Agent Trust Hub

mir-extract-snippet

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses npx mir to execute commands for creating, syncing, and installing snippets. These operations are performed locally as part of the snippet management workflow.
  • [EXTERNAL_DOWNLOADS]: Uses npx to fetch and run the mir package from the official npm registry.
  • [PROMPT_INJECTION]: The skill processes untrusted code from the user's project, creating an indirect prompt injection surface.
      • Ingestion points: Project source code and configuration files as described in the extraction steps in SKILL.md.
      • Boundary markers: Absent; the skill does not use specific delimiters to isolate untrusted content during processing.
      • Capability inventory: File system access and command execution via the mir CLI.
      • Sanitization: None; the skill does not sanitize the content or logic of the ingested code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 01:58 PM