Skills
skills/thinkfleetai/thinkfleet-engine/skills-audit/Gen Agent Trust Hub

skills-audit

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Recommends installing the skilllens CLI tool via npx, pnpm dlx, or global installation. This tool is a functional dependency for the skill's purpose.
  • [REMOTE_CODE_EXECUTION]: Recommends the use of npx skilllens scan, which downloads and executes code from the NPM registry at runtime.
  • [COMMAND_EXECUTION]: Executes shell commands via the skilllens CLI, including skilllens scan and skilllens config, to interact with the local filesystem and configuration.
  • [PROMPT_INJECTION]: Susceptible to indirect prompt injection (Category 8) because the skill's workflow involves reading and analyzing untrusted content from other agent skills.
  • Ingestion points: Reads SKILL.md and bundled resources from specified filesystem paths during an audit.
  • Boundary markers: Absent; the skill does not use specific delimiters or instructions to treat the audited content as data-only.
  • Capability inventory: Possesses shell execution capabilities through the skilllens tool.
  • Sanitization: No sanitization or filtering of the content being audited is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 05:14 AM