Skills
skills/vgrss/acumen/update-acumen/Gen Agent Trust Hub

update-acumen

Warn

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses the GitHub CLI (gh) to recursively fetch directory trees and file contents from the VGrss/Acumen repository.
  • [REMOTE_CODE_EXECUTION]: Files downloaded from the remote repository are written directly to .agents/skills/ and symlinked to .claude/skills/. Since these directories are typically used by agents to load and execute capabilities, this mechanism allows for the installation and subsequent execution of remote instructions and scripts.
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage the file system and installation process:
  • gh api calls to interact with the GitHub API.
  • base64 -d to decode the downloaded content.
  • cp -r to move files into the agent's configuration directories.
  • ln -sf to create symbolic links for the new skills.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 27, 2026, 02:29 PM