skill-installer
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The script
scripts/fetch_skills.pycontains a hardcoded API key (sk_live_skillsmp_...) for the SkillsMP marketplace. Hardcoding credentials in shared code is a security risk, even if intended for public access.\n- [EXTERNAL_DOWNLOADS]: The skill fetches data from the GitHub API andskillsmp.com. This involves communicating with external community repositories to provide search results and deep-dive details.\n- [COMMAND_EXECUTION]: The skill usessubprocess.runto call the GitHub CLI (gh). This is used to perform authenticated API queries when the tool is installed in the user environment.\n- [PROMPT_INJECTION]: The skill exposes the agent to indirect prompt injection by retrieving and displaying the content of remoteSKILL.mdfiles from external repositories.\n - Ingestion points: The
deep_divefunction inscripts/fetch_skills.pyretrieves file content from remote GitHub repositories.\n - Boundary markers: The skill uses basic separators like
--- SKILL.md ---, but provides no explicit safety instructions to the agent regarding the remote content.\n - Capability inventory: The agent context has capabilities for command execution and file manipulation.\n
- Sanitization: Remote content is displayed raw without sanitization or instruction-filtering.
Audit Metadata