skill-share
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: No malicious instructions, obfuscation, or safety bypass attempts were found in the skill manifest.
- [DATA_EXFILTRATION]: The skill uses the Rube integration to share skill metadata on Slack. This is a documented core feature intended for team collaboration and does not constitute unauthorized data exfiltration.
- [PROMPT_INJECTION]: The skill accepts user-provided skill names and descriptions which are then used to generate files and Slack messages. 1. Ingestion points: Skill name and description inputs. 2. Boundary markers: Absent in the manifest. 3. Capability inventory: File writing and network messaging via Slack. 4. Sanitization: No sanitization methods are specified. This identifies a surface for indirect prompt injection in the generated output.
Audit Metadata