yao-open-skills-sync
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses python3 to run local scripts (register_skill.py and render_readme_catalog.py) for managing the skill registry and generating documentation. It also uses shell commands for Git operations like committing and pushing changes.
- [DATA_EXFILTRATION]: The workflow involves pushing code to a public GitHub repository. Security is maintained through specific instructions requiring the agent to audit the code for private keys, tokens, and sensitive data before it is added to the public collection.
- [PROMPT_INJECTION]: The skill is designed to process and analyze the content of other skills being imported. This creates a surface for indirect prompt injection, which the skill mitigates by instructing the agent to perform a safety review and sanitization of the intake material. Evidence: Ingestion point (SKILL.md of source skill), Boundary markers (Instruction to inspect and watch for secrets), Capability inventory (python3 execution, git push), Sanitization (Instruction to remove sensitive logic).
Audit Metadata