skills-repo-maintenance
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM COMMAND_EXECUTION DATA_EXFILTRATION
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill executes a Python script from a path derived from the $CODEX_HOME environment variable. Executing scripts from dynamically computed paths is a security risk if the environment can be manipulated.
- [Indirect Prompt Injection] (MEDIUM): The skill processes content from a Git repository (filenames, SKILL.md content) and uses it to update documentation and configuration files. It also uses these paths in shell commands.
  - Ingestion points: Git repository root content and folder structures.
  - Boundary markers: None present; the skill treats repo content as trusted input for metadata and documentation updates.
  - Capability inventory: File system writes (README.md, marketplace.json), git operations, and Python script execution.
  - Sanitization: No explicit sanitization or validation of the repository content is performed before processing.
- [Data Exfiltration] (LOW): The skill uses git push to synchronize changes with a remote repository. While standard for its purpose, this operation facilitates the transfer of local data to external systems.
Audit Metadata