Skills
skills/duc01226/easyplatform/skill-add/Gen Agent Trust Hub

skill-add

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the user-supplied argument '$1' directly in the file path '.claude/skills/$1'. This lack of sanitization allows for potential path traversal attacks where an attacker could influence the agent to write files to restricted directories using sequences like '../'.- [EXTERNAL_DOWNLOADS]: The instructions direct the agent to install the 'repomix' utility if it is not already available. While 'repomix' is a known tool, the practice of installing external software at runtime introduces a dependency on external registries.- [PROMPT_INJECTION]: The skill is designed to ingest and process data from external documentation URLs and GitHub repositories, which creates a vector for indirect prompt injection.
  • Ingestion points: External URLs and GitHub repositories processed by the 'Explore' subagent.
  • Boundary markers: None. The instructions do not specify any delimiters or safety warnings to isolate content from these external sources.
  • Capability inventory: File system access (writing files), command execution (repomix), and subagent management.
  • Sanitization: No sanitization or validation logic is defined for the external content before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 10, 2026, 07:25 AM
Security Audit — agent-trust-hub — skill-add