skill-search
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs git clone operations and web fetching from multiple third-party GitHub repositories and external websites (e.g., skillsmp.com) that are not on the trusted vendors list.
- [REMOTE_CODE_EXECUTION]: The skill automates the installation of arbitrary code by copying files from remote repositories directly into the agent's persistent skill directories (~/.claude/skills/ and ~/clawd/skills/). This allows for the execution of third-party code that has not been verified or sanitized.
- [COMMAND_EXECUTION]: The skill utilizes shell commands including git, find, grep, and cp -r to manage and install content from external sources.
- [PROMPT_INJECTION]: 1. Ingestion points: Downloads SKILL.md files from various community repositories and fetches content from external sites. 2. Boundary markers: No delimiters or ignore instructions directives are used when processing this remote content. 3. Capability inventory: The skill has significant capabilities including file system modification, command execution, and network access. 4. Sanitization: There is no evidence of validation or sanitization of the downloaded code or text before installation or presentation to the agent.
Audit Metadata