using-skillshub

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to use the skillshub CLI to perform administrative tasks, including installing instruction sets, creating symlinks in agent configuration directories (e.g., ~/.claude/skills/), and managing local caches.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the retrieval of remote content from GitHub and Gists. These downloads are directed to the vendor's repository (EYH0602/skillshub) or user-specified URLs to fetch new skills.
  • [PROMPT_INJECTION]: The skill acts as a manager for external instructions, which introduces an indirect prompt injection surface.
  • Ingestion points: External skills are ingested from GitHub URLs and Gists through commands like skillshub add and skillshub tap add.
  • Boundary markers: The instructions do not specify boundary markers or 'ignore' instructions for the content of the downloaded files.
  • Capability inventory: The skill leverages CLI access to modify file systems and perform network operations via the skillshub tool.
  • Sanitization: There is no mention of sanitizing or validating the content of the external SKILL.md files before they are linked into the agent's environment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 03:31 AM
Security Audit — agent-trust-hub — using-skillshub