install-skills

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands (via npx) to interact with a CLI tool for listing and adding agent skills to the local repository.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the skills package from the npm registry and fetches content from external sources such as GitHub repositories (e.g., patinaproject/skills).
  • [SAFE]: The instructions explicitly include npm_config_ignore_scripts=true when running npx commands, which is a significant security control that prevents potentially malicious lifecycle scripts from running during the execution of the external package.
Audit Metadata
Risk Level: SAFE
Analyzed: May 26, 2026, 11:17 AM
Security Audit — agent-trust-hub — install-skills