Skills
skills/picsart/gen-ai-skills/agency-client-handoff/Gen Agent Trust Hub

agency-client-handoff

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches a setup script for the official gen-ai-cli utility from the vendor's domain (picsart.com). This tool is required to verify that the packaged deliverables are reproducible.
  • [COMMAND_EXECUTION]: Uses standard shell commands (find, cp, mkdir, zip, unzip, jq) to structure the handoff bundle and filter internal metadata. It also executes a local Node.js script (scripts/extract-prompts.js) to process project data.
  • [REMOTE_CODE_EXECUTION]: The skill includes a setup instruction that pipes a script from https://picsart.com/gen-ai-cli/install.sh to a shell. This is a legitimate installation method for the vendor's own command-line interface and is consistent with the skill's stated purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 12:52 AM
Security Audit — agent-trust-hub — agency-client-handoff