skill-installer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill's primary purpose is to download and install scripts into the $CODEX_HOME/skills directory, which are subsequently executed by the agent system. The instructions in SKILL.md explicitly support installing from any user-provided GitHub repository.
  - Evidence: SKILL.md outlines instructions for install-skill-from-github.py to download and overwrite files in the local skills directory.
- EXTERNAL_DOWNLOADS (HIGH): The skill facilitates downloading content from external, unverified sources beyond the default curated list.
  - Evidence: SKILL.md and scripts/list-curated-skills.py allow overriding the repository source via the --repo argument.
- CREDENTIALS_UNSAFE (MEDIUM): The skill accesses GITHUB_TOKEN and GH_TOKEN from the environment and includes them in the Authorization header of network requests.
  - Evidence: scripts/github_utils.py implements os.environ.get("GITHUB_TOKEN") and attaches it to urllib.request.Request headers. These credentials could be exposed if an attacker-controlled repository or path is passed to the script.
- COMMAND_EXECUTION (MEDIUM): The skill uses Git (via fallback to sparse checkout) to manage files on the host system, which involves executing system-level commands with user-controllable parameters.
  - Evidence: SKILL.md mentions the use of git sparse checkout and method auto|download|git for installation tasks.
Recommendations
- AI detected serious security threats
Audit Metadata