yao-doctor-skill

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a Python-based analysis engine (scripts/scan_security_skills.py) which uses the ast module to perform semantic dataflow tracking and identify potential security risks in other codebases.
  • [EXTERNAL_DOWNLOADS]: The detection engine is configured to identify downloads from untrusted sources such as paste sites and shortlinks. Correspondingly, the evaluation suite (evals/pressure_suite/) includes fixtures that fetch content from services like paste.rs to verify detection efficacy.
  • [REMOTE_CODE_EXECUTION]: The skill includes test fixtures and documentation that describe or implement remote code execution patterns. For example, evals/pressure_suite/remote-updater/ contains logic to download and execute Python code, and scripts/build_public_example_report.py generates mock report data containing shell-piping commands (curl | sh). These are used exclusively for benchmarking the scanner.
  • [DATA_EXFILTRATION]: The evals/ directory contains deliberate exfiltration patterns, such as reading sensitive SSH keys from ~/.ssh/id_rsa and sending the data to external endpoints (e.g., Slack webhooks). These functions are part of a 'pressure suite' designed to test the scanner's ability to detect source-to-sink exfiltration chains.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 04:01 AM
Security Audit — agent-trust-hub — yao-doctor-skill