discover-a-skill
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of external content from unverified remote sources, including arbitrary GitHub repositories and user-defined slugs, via the
askill addcommand. - [REMOTE_CODE_EXECUTION]: The skill is designed to install and execute code from remote sources using
askill run. This executes arbitrary commands defined in external files, presenting a risk of executing malicious logic if an untrusted repository is used. - [PROMPT_INJECTION]: The skill instructs the agent to prioritize instructions found in the
SKILL.mdof installed skills (e.g., 'Always prefer reading the installed SKILL.md before improvising'). This creates an indirect prompt injection vulnerability where a malicious skill can hijack agent behavior. - Ingestion points:
SKILL.mdfiles downloaded from arbitrary GitHub repositories. - Boundary markers: Absent; instructions command the agent to follow the external file content directly.
- Capability inventory: The skill utilizes the
askillCLI to run shell commands and manage system files. - Sanitization: None; the agent is expected to parse and obey instructions found in the downloaded markdown files.
- [COMMAND_EXECUTION]: Extensive use of CLI commands to manage system state, install software, and execute third-party scripts.
- [DATA_EXFILTRATION]: The skill documentation explicitly identifies paths to sensitive local data, such as
~/.askill/credentials.jsonand~/.config/askill/config.json. While it does not exfiltrate them directly, this information exposure assists potential malicious skills installed through this manager.
Audit Metadata