skill-authoring

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill provides instructions for agents or users to execute local shell commands for token validation and compliance checking.
      • Evidence: npm run tokens -- check ... and npm run check are explicitly recommended in SKILL.md and references/CHECKLIST.md.
      • Context: These are intended for local development workflows and use-case specific validation.
  • [EXTERNAL_DOWNLOADS] (LOW): The documentation contains links to non-whitelisted external domains for technical specifications.
      • Evidence: Multiple links to https://agentskills.io/specification in SKILL.md and references/GUIDELINES.md.
  • [PROMPT_INJECTION] (LOW): The skill establishes an indirect prompt injection surface as its primary function is to ingest and review untrusted skill files created by users.
      • Ingestion points: Skill files (e.g., SKILL.md, references/*.md) passed to the agent for review or validation as seen in SKILL.md.
      • Boundary markers: None mentioned; the guide does not instruct the agent to ignore instructions embedded within the files it reviews.
      • Capability inventory: Subprocess execution via npm run commands.
      • Sanitization: No sanitization or escaping of the content of the reviewed files is mentioned.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:45 PM