skill-manager

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands including curl, jq, zip, and unzip, along with Python scripts for JSON manipulation. These commands are used to package skills, manage local files in /tmp, and communicate with the API.
  • [CREDENTIALS_UNSAFE]: The skill accesses local authentication configuration at /home/user/.rebyte.ai/auth.json and uses a local helper /home/user/.local/bin/rebyte-auth to obtain API tokens. This is standard behavior for accessing the vendor's platform.
  • [EXTERNAL_DOWNLOADS]: The skill downloads skill packages from the Rebyte API for inspection or rollback purposes. These downloads originate from the vendor's infrastructure.
  • [DATA_EXFILTRATION]: Local skill files are uploaded to the Rebyte API during the publishing workflow. This is a legitimate function for version control and skill distribution within the organization.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 05:39 PM
Security Audit — agent-trust-hub — skill-manager