skills/ansteorra/kmp/install-skills/Gen Agent Trust Hub

install-skills

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill is designed to download content from external GitHub repositories using git clone and curl. While it defaults to trusted sources like anthropics/skills, it accepts any user-provided GitHub repository URL.
      • Evidence: scripts/install-skill.sh uses git clone on a URL constructed from the SOURCE_REPO variable. scripts/list-skills.sh uses curl against the GitHub API.
  • COMMAND_EXECUTION (SAFE): The skill executes shell commands (git, mkdir, cp, rm) to manage local files. These are restricted to the skill's intended purpose of installation and do not use sudo or other privilege escalation techniques.
  • INDIRECT_PROMPT_INJECTION (LOW): This skill creates a significant ingestion surface by downloading instructions (SKILL.md) from untrusted external repositories. An attacker could host a repository with malicious instructions that the agent would then execute once installed.
      • Ingestion points: scripts/install-skill.sh clones remote repositories into the local environment.
      • Boundary markers: Absent. The agent is instructed to treat the downloaded files as valid skills.
      • Capability inventory: The skill can write files to the local filesystem (.github/skills or ~/.copilot/skills) and execute git and curl commands.
      • Sanitization: Absent. There is no validation of the content of the downloaded skills before installation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:49 PM