service-registry

Warn

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run with shlex.split to execute commands defined in ServiceConfig. In modules/execution-patterns.md, the build_command function uses .format() to inject prompts and file paths directly into command strings, which can lead to command injection if the input is not strictly validated.
  • [COMMAND_EXECUTION]: The ServiceConfig includes fields for auth_check_cmd and health_check_cmd, which are designed to execute arbitrary shell commands to verify service status.
  • [EXTERNAL_DOWNLOADS]: The skill references an external library leyline.service_registry and mentions dependencies like quota-management and usage-logging. These appear to be internal or vendor-specific modules, but they represent a dependency on external logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 17, 2026, 06:22 AM
Security Audit — agent-trust-hub — service-registry