Skills
skills/nangongwentian-fe/jay-skills/sync-skill-to-jay/Gen Agent Trust Hub

sync-skill-to-jay

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard shell commands (find, cp, rm, git) to manage local skill files. These operations are restricted to the user's home directory and the identified repository path.
  • [EXTERNAL_DOWNLOADS]: The skill clones a repository from GitHub (https://github.com/nangongwentian-fe/jay-skills.git). This is a documented vendor resource belonging to the skill author.
  • [REMOTE_CODE_EXECUTION]: The skill uses npx skills add to re-install a skill from a remote repository. This is the intended mechanism for the agent framework to manage and optimize skill installation (e.g., via symlinking).
  • [DATA_EXFILTRATION]: The skill pushes local skill content to a remote Git repository. This behavior is the primary stated purpose of the skill and requires an explicit 'yes' from the user before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 04:30 AM