CtrlK
BlogDocsLog inGet started
Tessl Logo

skill-porter

Converts Claude Code skills to Gemini CLI extensions and vice versa. Use when the user wants to make a skill cross-platform compatible, port a skill between platforms, or create a universal extension that works on both Claude Code and Gemini CLI.

Invalid
This skill can't be scored yet
Validation errors are blocking scoring. Review and fix them to unlock Quality, Impact and Security scores. See what needs fixing →
SKILL.md
Quality
Evals
Security

Security

1 medium severity finding. This skill can be installed but you should review these findings before use.

Medium

W011: Third-party content exposure detected (indirect prompt injection risk)

What this means

The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.

Why it was flagged

Third-party content exposure detected (high risk: 0.80). The skill includes code to clone arbitrary repositories (src/optional-features/fork-setup.js -> _cloneRepository uses `git clone <repoUrl>`) and README/CLI flows show it can accept remote repo URLs, after which the converters parse and act on the repository files (SKILL.md, gemini-extension.json, commands, etc.), meaning untrusted, user-generated third‑party content is fetched and directly influences conversion, validation, PR/fork operations.

Report incorrect finding
Repository
Demerzels-lab/elsamultiskillagent
Audited
Security analysis
Snyk

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.