sharedev-init

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on various shell commands for its core functionality, including rsync for file synchronization and grep/perl for searching and modifying files.
  • [REMOTE_CODE_EXECUTION]: The skill executes npm install -g @share-crm/sharedev-cli to install a global command-line tool. Global package installations can execute arbitrary scripts during the installation process.
  • [EXTERNAL_DOWNLOADS]: The sharedev CLI is used to pull documents, code components (PWC), and APL scripts from remote servers, introducing external content into the local development environment.
  • [CREDENTIALS_UNSAFE]: The skill processes sensitive information from a settings.json file, including a certificate field (described as an API token), which is then used as a parameter for CLI commands.
  • [DYNAMIC_EXECUTION]: The skill uses perl to perform automated in-place edits on existing markdown files belonging to other skills (sharedev-apl-implement and sharedev-apl-code-review). While intended for path correction, this mechanism allows for the dynamic modification of agent instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 14, 2026, 10:08 AM