Skills
skills/michailbul/laniameda-skills/sync-plugin-skills/Gen Agent Trust Hub

sync-plugin-skills

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs a git pull from github.com/Michailbul/laniameda-skills to update local source files.
  • [REMOTE_CODE_EXECUTION]: Following the download, the skill executes a script from the repository (./install-skills.sh). While this originates from the skill author's infrastructure, it represents the execution of remote code.
  • [COMMAND_EXECUTION]: The skill executes various shell commands to manage files and build the plugin, including rm -rf, mkdir, cp, and zip. It also generates and runs a local build script (build-plugin.sh).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from a remote source.
  • Ingestion points: SKILL.md files and associated resources are pulled from the Michailbul/laniameda-skills repository.
  • Boundary markers: Absent. External content is integrated into the local plugin structure without delimiters or security warnings.
  • Capability inventory: The skill utilizes shell execution, file system modification, and network operations (via git).
  • Sanitization: No sanitization or validation of the remote content is performed before it is processed and incorporated into the agent's environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 10:29 AM