skill-hunter
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on and provides scripts for executing local shell commands such as gh, jq, and base64 to manage search results and files.
- [EXTERNAL_DOWNLOADS]: The skill fetches files from unverified external GitHub repositories discovered through keyword searches.
- [REMOTE_CODE_EXECUTION]: The skill automates the downloading of external markdown files that represent agent logic, creating a pathway for malicious code to be introduced into the agent's environment.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from untrusted data sources.
  - Ingestion points: Data is fetched via 'gh api' in SKILL.md and multiple provided scripts.
  - Boundary markers: No delimiters or protective instructions are included to prevent the agent from obeying instructions within downloaded content.
  - Capability inventory: The skill utilizes file writing, directory creation, and shell command execution.
  - Sanitization: No validation or sanitization of the content from GitHub is performed before it is processed or stored.
Audit Metadata