npx-skills

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of agent skills from external GitHub repositories using the npx skills tool. It references the official repository at https://github.com/vercel-labs/skills, which is maintained by a trusted organization.
  • [COMMAND_EXECUTION]: The skill generates shell commands for installing and updating skills, such as npx skills add <source> --skill '*' --copy -a claude-code -y. It includes a mandatory safety step requiring the agent to wait for user confirmation before executing any commands.
  • [DATA_EXPOSURE]: The skill reads project-level (skills-lock.json) and global (~/.agents/.skill-lock.json) configuration files to manage skill metadata. It does not access sensitive system files or credentials.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 03:28 AM