Skills
skills/aiskillstore/marketplace/share-skill/Gen Agent Trust Hub

share-skill

Fail

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands including sed, jq, and redirection to modify the agent's internal configuration file at ~/.claude/settings.json.
  • [COMMAND_EXECUTION]: The skill utilizes mv, ln, and find to manipulate files within the sensitive ~/.claude/ directory, moving them into Git repositories.
  • [CREDENTIALS_UNSAFE]: The skill explicitly targets the modification of ~/.claude/settings.json, which contains the agent's security and permission settings.
  • [DATA_ESCALATION]: The /share-skill allow command is a privilege escalation attempt that instructs the agent to add the skill's own command patterns to the permissions.allow list, thereby suppressing future security confirmation prompts for the user.
  • [DATA_EXFILTRATION]: The skill's primary function is to move internal configuration and logic files from the agent's local directory to remote Git repositories (e.g., GitHub, GitLab), which could lead to the unintended exposure of private data.
  • [PROMPT_INJECTION]: The skill package includes evaluation.json and skill-report.json files that contain pre-fabricated safety verdicts and false positive claims. These are self-referential attempts to influence automated security analysis and bypass detection of its underlying behaviors.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 16, 2026, 07:18 AM
Security Audit — agent-trust-hub — share-skill