arn-infra-discover
This skill should be used when the user says "discover tools", "infra discover", "arn infra discover", "arn-infra-discover", "audit tools", "check installed tools", "what tools do I have", "scan for MCPs", "check provider tools", "tool discovery", "discover infrastructure tools", "check my setup", "infra tooling", or wants to audit their installed infrastructure tools (MCPs, CLIs, Claude Code plugins), check authentication state, search for new official tools online, and produce a tooling manifest for the infrastructure workflow.
80
76%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/arn-infra/skills/arn-infra-discover/SKILL.mdSecurity
1 medium severity finding. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.80). The skill's Phase B ("Online Check for New Official Tools (WebSearch)") explicitly instructs the agent to perform web searches and ingest findings from open/public sites (search results) to update recommendations and the tooling manifest, so untrusted third‑party content can influence subsequent decisions and actions.
- Repository
- AppsVortex/arness
- Commit
1fe948f
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.