skill-installer

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script scripts/fetch_skills.py contains a hardcoded API key (sk_live_skillsmp_...) for the SkillsMP marketplace. Hardcoding credentials in shared code is a security risk, even if intended for public access.\n- [EXTERNAL_DOWNLOADS]: The skill fetches data from the GitHub API and skillsmp.com. This involves communicating with external community repositories to provide search results and deep-dive details.\n- [COMMAND_EXECUTION]: The skill uses subprocess.run to call the GitHub CLI (gh). This is used to perform authenticated API queries when the tool is installed in the user environment.\n- [PROMPT_INJECTION]: The skill exposes the agent to indirect prompt injection by retrieving and displaying the content of remote SKILL.md files from external repositories.\n
  • Ingestion points: The deep_dive function in scripts/fetch_skills.py retrieves file content from remote GitHub repositories.\n
  • Boundary markers: The skill uses basic separators like --- SKILL.md ---, but provides no explicit safety instructions to the agent regarding the remote content.\n
  • Capability inventory: The agent context has capabilities for command execution and file manipulation.\n
  • Sanitization: Remote content is displayed raw without sanitization or instruction-filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 05:39 PM
Security Audit — agent-trust-hub — skill-installer