autoskill

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the ripgrep (rg) command-line utility for searching local skill folders and uses python3 to execute helper scripts (e.g., init_skill.py) from associated tools.
  • [EXTERNAL_DOWNLOADS]: Utilizes npx skills find for discovering skills in external repositories, which involves downloading and executing content from the npm registry.
  • [DATA_EXFILTRATION]: Performs skill discovery searches via https://skills.sh/ using queries generated from the user's session, which may transmit session context to the external search service.
  • [SAFE]: Implements a mandatory 'Confirmation Gate' requiring the agent to show exact file paths and full diffs for user approval before creating, updating, or deleting any local files.
  • [SAFE]: Explicitly commands the agent to redact all secrets, credentials, private URLs, and personal data from any extracted content before it is saved or presented to the user, mitigating risks of data exposure.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 04:02 AM