agentaudit-skill
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The primary installation method for the skill involves a one-line command that fetches a shell script from the author's official GitHub repository and pipes it directly to the bash interpreter.
- [PROMPT_INJECTION]: The SKILL.md file contains strong directive language stating that the security gate rules override all other instructions to ensure the agent performs necessary audits before any package installation.
- [EXTERNAL_DOWNLOADS]: The skill's auditing tools automatically download external repository content and package metadata to the local filesystem to facilitate static security analysis.
- [DATA_EXFILTRATION]: The system includes tools for the agent to upload generated audit reports, including metadata and potential security findings, to the public registry at agentaudit.dev.
- [COMMAND_EXECUTION]: Various scripts within the skill execute shell commands such as git clone, npm pack, and python utility snippets to manage package downloads, integrity checks, and metadata extraction.
Audit Metadata