skill-group
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for users to install sub-skills from the author's repository (https://github.com/wghust/stark-skills) using the npx skills add command.
- [COMMAND_EXECUTION]: The skill performs file system operations, including reading existing SKILL.md files and writing new orchestrated SKILL.md files to the local skills/ directory. It also generates new instruction sets based on content from these external files.
- [PROMPT_INJECTION]: As an orchestrator, the skill reads and executes instructions contained within external SKILL.md files. This creates an indirect prompt injection surface where a malicious or compromised sub-skill could potentially influence the agent's execution or the content of the generated group skill.
  - Ingestion points: The agent reads content from skills//SKILL.md for each orchestrated sub-skill.
  - Boundary markers: No specific boundary markers or 'ignore' instructions are used when processing sub-skill content to prevent embedded instruction overrides.
  - Capability inventory: The skill can read/write files and execute natural language instructions extracted from sub-skill files.
  - Sanitization: No sanitization or validation of the sub-skill instructions is performed before they are executed or interpolated into the newly generated group skill.