skill-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to analyze external files and directories provided by users, making it susceptible to indirect prompt injection. Malicious instructions embedded in the reviewed skills could attempt to manipulate the auditing process. Evidence: Workflow instructions in SKILL.md.
- Ingestion points: User-provided file contents and skill directory paths (SKILL.md).
- Boundary markers: Absent; instructions do not contain markers to isolate external data from instructions.
- Capability inventory: Shell command execution (cat, grep, head) and folder structure inspection (SKILL.md).
- Sanitization: Absent.
- [EXTERNAL_DOWNLOADS]: Recommends the installation and use of the 'molthub' package via npx for skill installation and auditing, which is a third-party dependency not included in the trusted vendors list (SKILL.md).
- [COMMAND_EXECUTION]: Employs standard system utilities such as grep, head, and cat to analyze the content and structure of skill files for compliance (SKILL.md).
Audit Metadata