skill-extractor
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to use local utilities like `ls` and `grep` to find and search through existing skill files stored in the user's local environment (~/.claude/skills/).
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it is designed to ingest and formalize content from potentially untrusted conversation sessions.
  * Ingestion points: The skill analyzes the current conversation history and session context to identify learning candidates.
  * Boundary markers: There are no technical delimiters used to separate the session data from the generated skill instructions.
  * Capability inventory: The skill possesses `Write` access to the filesystem (to save skills) and `WebSearch` capabilities.
  * Sanitization: The skill relies on a manual quality assessment and requires explicit user confirmation (Step 2) before any data is saved to the persistent skill storage.
Audit Metadata