project-skill-installer

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill retrieves packages from external registries, including the community-maintained skills.sh and ByteDance's official internal registry.
  • [COMMAND_EXECUTION]: Utilizes npx subprocesses to search for and install new skill packages into the project environment.
  • [SAFE]: Implements a mandatory AskUserQuestion workflow, ensuring that no code is downloaded or installed without explicit user review and multi-selection confirmation.
  • [SAFE]: Strictly enforces project-relative path discovery, explicitly rejecting attempts to install skills globally or outside the verified project root.
  • [SAFE]: Utilizes ByteDance's official package registry for internal skill discovery, which is an established and well-known technology service.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 03:02 PM