simple-skills-manager

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The instructions guide the user to have the agent clone a repository from https://github.com/ArcBlock/agent-skills.git. This organization is not included in the pre-defined 'Trusted GitHub Organizations' list, making the source unverified.
  • REMOTE_CODE_EXECUTION (HIGH): The prompt instructions explicitly command the agent to 'execute the simple-skills-manager skill inside it' immediately after cloning. This 'download then execute' pattern from an untrusted source is a high-risk security vector.
  • COMMAND_EXECUTION (MEDIUM): The instructions involve the agent executing shell commands (mkdir -p, git clone) to modify the user's local filesystem and environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:24 PM