best-practice-guide
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses several bash scripts (analyze-docs.sh, generate-guide.sh, integrate-guide.sh) to perform file system operations, including directory creation and the modification of existing project files like AGENTS.md and CLAUDE.md.
- [COMMAND_EXECUTION]: The generate-guide.sh script dynamically creates new shell scripts (e.g., check-topic.sh) and uses chmod +x to make them executable, which is a necessary but sensitive operation for creating new functional skills.
- [EXTERNAL_DOWNLOADS]: The skill is designed to interact with external search tools (such as searxng) to fetch research data from the internet, which is then used to synthesize guides and scripts.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted data from the web and internal files.
  - Ingestion points: External data is fetched via web search tools; internal data is read from AGENTS.md, package.json, and other configuration files.
  - Boundary markers: The generated documentation and skills do not include boundary markers or explicit instructions to ignore potentially malicious embedded content within the synthesized guides.
  - Capability inventory: Across its scripts, the skill has the capability to write to the filesystem, create executable scripts, and modify existing agent documentation.
  - Sanitization: While the TOPIC parameter is validated to prevent directory traversal attacks, there is no evidence of sanitization or validation of the content retrieved from external websites before it is interpolated into new project files.
Audit Metadata