Skills
skills/openhands/extensions/add-skill/Gen Agent Trust Hub

add-skill

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/fetch_skill.py uses subprocess.run to execute Git operations including clone, sparse-checkout, and checkout. These are called with argument lists, which prevents shell injection.
  • [EXTERNAL_DOWNLOADS]: The skill downloads directory contents from external GitHub repositories provided by the user.
  • [PROMPT_INJECTION]: The skill serves as a delivery mechanism for indirect prompt injection, as it allows the agent to download and install external SKILL.md instruction files.
  • Ingestion points: Files downloaded from external GitHub repositories.
  • Boundary markers: None identified.
  • Capability inventory: subprocess.run for system commands, shutil for file system manipulation.
  • Sanitization: The script verifies the presence of SKILL.md but does not validate or sanitize its content before installation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 01:58 PM
Security Audit — agent-trust-hub — add-skill