skill-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a security auditing tool that operates with restricted permissions (read-only) and no network access.
- [PROMPT_INJECTION]: While the skill body contains common injection phrases such as 'Ignore previous instructions' and 'System prompt override', these are explicitly documented as patterns for the auditor to detect in other skills, rather than active injection attempts aimed at the host agent.
- [DATA_EXFILTRATION]: The skill requests 'fileRead' but explicitly disables 'network', 'shell', and 'fileWrite' permissions, which effectively prevents data exfiltration and malicious file modification.
- [EXTERNAL_DOWNLOADS]: No external URLs or remote package installations are defined or requested in the skill metadata or body.
Audit Metadata