skill-share
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | PROMPT_INJECTION | NO_CODE
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill presents a significant attack surface by taking untrusted user data (skill names and descriptions) and using it to generate persistent files and external notifications.
  - Ingestion points: User-provided skill name and description inputs.
  - Boundary markers: None documented for isolating untrusted user content from the skill creation logic.
  - Capability inventory: File system write access, directory creation, ZIP packaging, and network communication via Slack integration (Rube).
  - Sanitization: No input validation or sanitization is mentioned to prevent injection into the generated SKILL.md or the Slack message blocks.
- [No Code Provided] (LOW): Only the documentation (SKILL.md) was provided for analysis. The actual security posture of the tool depends on the underlying Python scripts and Slack integration logic, which were not available for review.
Recommendations
- AI detected serious security threats