skill-installer

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. The search_skills and getMarketplaceSkills functions read SKILL.md files from paths defined in an external marketplace.json file. They extract the name and description metadata from these files and return them to the agent context.
  • Ingestion points: index.ts reads content from SKILL.md files located at paths specified in ../../../.claude-plugin/marketplace.json.
  • Boundary markers: Absent. The parsed metadata is returned as a raw JSON string to the agent.
  • Capability inventory: The skill has permissions to read and write to the local filesystem (fs.readFile, fs.writeFile, fs.access).
  • Sanitization: Absent. The code naively extracts strings from lines starting with '#' or the first non-header line without any validation or escaping of the content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 10:43 AM