setup-all

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/setup_all.py script makes extensive use of subprocess.run with shell=True to perform system-level operations, including environment checks and package installations.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the automated download and installation of code from external sources using the npx skills add command.
  • [EXTERNAL_DOWNLOADS]: The skill fetches multiple dependencies from GitHub repositories, specifically from the horizon-continental organization.
  • [COMMAND_EXECUTION]: The script automatically triggers the execution of newly installed skills using the claude CLI, granting them a broad set of permissions including Bash (run scripts and commands), Read, Write, and Edit.
  • [DATA_EXPOSURE]: The manifest includes several skills (e.g., web-search-mcp, remove-feishu-mcp) designed to programmatically access and modify sensitive local data, such as ~/.claude.json and API credentials.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 9, 2026, 10:54 AM