using-skillshub
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to use the
skillshubCLI to perform administrative tasks, including installing instruction sets, creating symlinks in agent configuration directories (e.g.,~/.claude/skills/), and managing local caches. - [EXTERNAL_DOWNLOADS]: The skill facilitates the retrieval of remote content from GitHub and Gists. These downloads are directed to the vendor's repository (
EYH0602/skillshub) or user-specified URLs to fetch new skills. - [PROMPT_INJECTION]: The skill acts as a manager for external instructions, which introduces an indirect prompt injection surface.
- Ingestion points: External skills are ingested from GitHub URLs and Gists through commands like
skillshub addandskillshub tap add. - Boundary markers: The instructions do not specify boundary markers or 'ignore' instructions for the content of the downloaded files.
- Capability inventory: The skill leverages CLI access to modify file systems and perform network operations via the
skillshubtool. - Sanitization: There is no mention of sanitizing or validating the content of the external
SKILL.mdfiles before they are linked into the agent's environment.
Audit Metadata