add-skill
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using bash to create symbolic links (ln -s) and manipulate text in workflow files (grep, tail). It also performs file write operations to append new job definitions to .github/workflows/publish.yml. These jobs are configured to access the PUBLISH_TOKEN secret, which is a sensitive CI/CD operation.
- [EXTERNAL_DOWNLOADS]: Uses the bunx runner to execute the @plaited/development-skills package for validating skill structures during the scaffolding process.
- [PROMPT_INJECTION]: Identifies a potential surface for indirect prompt injection through the use of untrusted user input (the skill name).
  - Ingestion points: User input for the <skill-name> placeholder is used in various file paths, shell commands, and YAML configurations in SKILL.md and publish.yml.
  - Boundary markers: None identified. The skill name is directly interpolated into commands and configuration files without delimiters.
  - Capability inventory: Utilizes Bash for command execution and Write/Edit for modifying sensitive project files like GitHub workflows.
  - Sanitization: None identified. The instructions do not specify any validation or sanitization for the skill name string before it is used in shell scripts or YAML blocks.
Audit Metadata