skill-builder
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill searches and downloads content from external ecosystems as defined in references/remote-sources.md, specifically targeting playbooks.com and GitHub repositories.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. (1) Ingestion points: remote research and a downloaded corpus from external URLs. (2) Boundary markers: absent; no delimiters or 'ignore-instructions' warnings are used when processing third-party skills. (3) Capability inventory: command execution (tree), file reading, and artifact synthesis (file write). (4) Sanitization: absent; evidence is distilled and incorporated into output without validation or escaping.
- [COMMAND_EXECUTION]: The skill requires running the 'tree' command on the local workspace to establish an evidence set, providing visibility into the environment's file structure as seen in SKILL.md and references/research-workflow.md.
Audit Metadata