install-bensz-skills

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from remote GitHub repositories defined in config.yaml. Sources include the author's own repositories and the official Anthropics skills repository.
  • [REMOTE_CODE_EXECUTION]: Content downloaded from remote sources is installed into system-level directories (~/.codex/skills and ~/.claude/skills), where it is subsequently loaded and executed by the AI agent.
  • [COMMAND_EXECUTION]: The scripts/install.py script uses subprocess.run to execute git for cloning repositories and python3 for running installation and cleanup tasks. It also mentions using the gh CLI for bug reporting.
  • [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface as it is designed to import external instructions (skills) into the agent's operating environment.
    • Ingestion points: Data is ingested via git clone from remote URLs specified in config.yaml and SKILL.md.
    • Boundary markers: No specific boundary markers or sanitization are applied to the instructions within the downloaded skills.
    • Capability inventory: The skill has capabilities for shell command execution (subprocess.run), file system modification (shutil.copytree, shutil.rmtree), and network access via git (in scripts/install.py).
    • Sanitization: The skill uses MD5 hashing for version control but does not perform content validation or sanitization of the installed instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 02:08 PM