skill-seekers
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to read sensitive local data, including entire codebases and private GitHub repositories, to process and package them for upload to external AI platforms (Claude, Gemini, OpenAI). Although this is the intended functionality, it constitutes a data exfiltration pipeline if redirected or misused.
- [COMMAND_EXECUTION]: The skill relies on the
skill-seekersCLI tool, which performs extensive system operations such as directory analysis, scraping documentation, and managing local agent configurations. - [EXTERNAL_DOWNLOADS]: The documentation instructs users to install a third-party package (
pip install skill-seekers) which is necessary for the skill's functionality but introduces a dependency on external code. - [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection because its core workflow involves scraping and analyzing untrusted external content (websites, GitHub repositories, PDFs, and videos) to generate AI instructions.
- Ingestion points: External URLs, GitHub repositories, and local file paths specified in
SKILL.mdand configuration files. - Boundary markers: None explicitly documented in the provided files to separate untrusted content from the generator's instructions.
- Capability inventory: File system read/write, network scraping, API interaction with LLM providers, and local agent installation.
- Sanitization: No evidence of content sanitization or instruction filtering is provided in the documentation.
Audit Metadata