list-templates

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill initiates a network request to an external GitHub repository (tkarakai/ai-agent-instruction-templates) to retrieve file metadata. This repository is not within the defined list of trusted organizations or repositories, making the source unverifiable.
  • COMMAND_EXECUTION (LOW): The skill executes a bash command string containing curl, grep, and sed. While the command is used for data extraction and not for direct system modification or remote script execution (e.g., piping to bash), it still represents a shell execution surface.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted data from a remote API (GitHub contents). There is a surface for indirect prompt injection if an attacker controls the repository and uses malicious file names that could influence the behavior of the agent when it displays or subsequently 'loads' these templates.
      • Ingestion points: GitHub API response (api.github.com/repos/tkarakai/...)
      • Boundary markers: None present; the agent parses the raw output of the shell command.
      • Capability inventory: Uses curl for network access and grep/sed for string processing.
      • Sanitization: Minimal sanitization via sed to extract specific substrings, but no validation of the actual content retrieved.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:47 PM