Skills
skills/wojons/skills/hypercognitive-skill-compiler/Gen Agent Trust Hub

hypercognitive-skill-compiler

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references documentation and tools from well-known and trusted sources, including agentskills.io, opencode.ai, and the Vercel Labs repository on GitHub (github.com/vercel-labs/skills). These are documented as official resources for the Agent Skills ecosystem.
  • [COMMAND_EXECUTION]: The skill includes two utility Bash scripts (scripts/generate-skill-template.sh and scripts/validate-bundle.sh). These scripts use standard system utilities such as sed, awk, find, and grep to automate the creation and validation of skill packages. They include proper error handling (set -e) and do not execute external code.
  • [PROMPT_INJECTION]: The skill processes untrusted user input via the SKILL_REQUEST_BUNDLE parameter, which is a potential surface for indirect prompt injection.
  • Ingestion points: Data enters through the SKILL_REQUEST_BUNDLE in SKILL.md.
  • Boundary markers: The skill uses markdown headers and specific block structure (e.g., ## 1. SKILL.md) to isolate the generated output.
  • Capability inventory: The skill uses search tools (searxng) for research and generates executable Bash scripts as part of its output.
  • Sanitization: The skill explicitly includes defensive logic such as mode_prompt_injection_defense, mode_security_threat_model, and mode_quality_gates_design to harden the generated skill against malicious input.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 10:29 AM