learn
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches skill data (SKILL.md content and referenced files) from the agentskill.sh API to install them locally. This is the primary intended function of the skill. Downloads originate from the vendor's own infrastructure.
- [COMMAND_EXECUTION]: The skill uses local shell commands (`mkdir -p`, writing to files) to install skills into platform-specific directories (e.g., `.claude/skills/`). It also invokes security tools like `uvx mcp-scan`, `trufflehog`, and `gitleaks` to audit skills.
- [DATA_EXFILTRATION]: The skill reads project metadata (such as `package.json` and git branch names) to provide context-aware skill recommendations. It sends search queries and install tracking data to agentskill.sh. Feedback and ratings are also submitted to the vendor's API.
- [PROMPT_INJECTION]: While `references/SECURITY.md` contains numerous prompt injection strings (e.g., 'ignore previous instructions'), these are explicitly part of a detection pattern library for the built-in scanner and are not instructions for the agent to execute. Static analysis flags are confirmed as false positives in this context.
- [DYNAMIC_EXECUTION]: The skill is designed to manage and deploy executable instructions (skills). It includes a multi-phase security scan (Phase 0-5) to mitigate the risk of installing malicious content, featuring static text analysis, secret scanning, and dependency checks.
Audit Metadata