skill-manager
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands including
curl,jq,zip, andunzip, along with Python scripts for JSON manipulation. These commands are used to package skills, manage local files in/tmp, and communicate with the API. - [CREDENTIALS_UNSAFE]: The skill accesses local authentication configuration at
/home/user/.rebyte.ai/auth.jsonand uses a local helper/home/user/.local/bin/rebyte-authto obtain API tokens. This is standard behavior for accessing the vendor's platform. - [EXTERNAL_DOWNLOADS]: The skill downloads skill packages from the Rebyte API for inspection or rollback purposes. These downloads originate from the vendor's infrastructure.
- [DATA_EXFILTRATION]: Local skill files are uploaded to the Rebyte API during the publishing workflow. This is a legitimate function for version control and skill distribution within the organization.
Audit Metadata