skill-factory
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The `scripts/install-skill-seekers.sh` script clones a third-party repository from a personal account (`yusufkaraaslan/Skill_Seekers`) that is not identified as a trusted vendor or well-known service.
- [REMOTE_CODE_EXECUTION]: The skill installs external Python packages using `pip` from the downloaded repository and executes scripts contained within it to perform documentation scraping.
- [COMMAND_EXECUTION]: The `SKILL.md` and reference files (e.g., `references/skill-seekers-integration.md`) instruct the agent to run multiple shell commands, including `bash`, `git`, and `python3`, to manage the creation process.
- [PROMPT_INJECTION]: The skill exposes an [INDIRECT_PROMPT_INJECTION] surface as it is designed to scrape untrusted external websites and documents and use their content to generate instructions for AI agents.
  - Ingestion points: User-specified URLs, GitHub repositories, and PDF files.
  - Boundary markers: No boundary markers or instructions to ignore embedded commands are included in the processing pipeline.
  - Capability inventory: The agent can write to the local filesystem and execute subprocesses.
  - Sanitization: Scraped content is not sanitized or validated before being incorporated into the generated `SKILL.md` files.