skill-seekers-ref
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill acts as a translator for untrusted external data, which introduces a risk of indirect prompt injection. Malicious instructions embedded in source documentation or repositories could be incorporated into the generated AI skill, potentially overriding the agent's behavior.\n
- Ingestion points: The tool ingests content from documentation URLs, GitHub repos, local files, PDFs, videos, and chat exports (documented in SKILL.md and references/cli-commands.md).\n
- Boundary markers: No explicit instruction-isolation or boundary markers are mentioned for the generated skill outputs.\n
- Capability inventory: The skill facilitates network operations (scraping/uploading), file system interactions (analysis/packaging), and execution of the skill-seekers CLI.\n
- Sanitization: There is no documentation regarding the sanitization or validation of the processed source content.\n- [COMMAND_EXECUTION]: The skill uses the 'skill-seekers' CLI to execute complex tasks such as codebase analysis, PDF extraction, and AI-driven enhancement. These tasks involve deep access to the user's environment and the ability to run long-running background processes via the --daemon flag.\n- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'skill-seekers' package via pip and fetches data from various remote URLs and GitHub repositories to build skills.\n- [DATA_EXFILTRATION]: The skill is designed to upload processed artifacts to external platforms like Claude and OpenAI. It also accesses sensitive local information, such as private codebases and chat log exports, for its analysis and conversion processes.
Audit Metadata