skill-audit
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill functions as a development utility for auditing other skills. It does not exhibit any malicious behaviors such as credential theft, persistence, or data exfiltration. All file access and command execution are directly related to its stated purpose.
- [EXTERNAL_DOWNLOADS]: The skill uses `npx tessl` to perform its primary auditing function. `npx` is a standard utility that downloads and runs packages from the npm registry. This is a functional dependency for the skill's audit loop.
- [COMMAND_EXECUTION]: The skill's workflow includes executing shell commands (e.g., `npx tessl skill review`) to trigger the Tessl evaluation tool. These commands are necessary for the skill's operation and are appropriately scoped to the audit process.
- [PROMPT_INJECTION]: As an audit tool that reads other skills, there is an inherent surface for indirect prompt injection, where instructions in the audited skill could try to manipulate the auditor. However, the skill provides a clear, evidence-based methodology that relies on external CLI tool output, reducing the risk of accidental obedience to instructions in the audited data.
Audit Metadata