share-a-library

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill executes git add . followed by gh repo create --public --push. This sequence automatically stages all files in the current workspace and pushes them to a public repository. If the workspace contains sensitive files such as .env files, credentials, or private configuration that are not explicitly excluded by a .gitignore file, they will be publicly exposed.
  • [COMMAND_EXECUTION]: The skill uses shell commands to interact with the system and external services, specifically git, the GitHub CLI (gh), and npx.
  • [REMOTE_CODE_EXECUTION]: The skill invokes npx ai-agent-skills. The npx utility downloads and executes packages from the npm registry, which introduces an external dependency and a vector for remote code execution at runtime.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 04:17 PM