sync-template
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches template files, branch metadata, and repository information from the author's GitHub repository (https://github.com/Rheinmir/setup.git) using curl and the GitHub CLI (gh api).
- [COMMAND_EXECUTION]: Shell commands are used to manage file systems, perform diffing between local and remote versions, and migrate directory structures (e.g., from skills/ to llmwiki/skills/).
- [DATA_EXFILTRATION]: The skill includes a specific rule to NEVER sync .env, credentials, or business-specific documents, which serves as a safeguard against accidental data exposure during upstream synchronization.
- [COMMAND_EXECUTION]: Step 7 involves writing markdown files with frontmatter to project-local and global user directories (~/.claude/skills/ and ~/.claude/commands/) to install them as native agent skills.
- [PROMPT_INJECTION]: The skill incorporates a 'Step 5: Sync Plan Presentation' which mandates that the agent STOP and ask the user for confirmation before executing any file synchronization, providing a human-in-the-loop checkpoint.
Audit Metadata