skills-download
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The `SKILL.md` file contains instructions directing the AI agent to write sensitive environment variables (`VOLCENGINE_ACCESS_KEY` and `VOLCENGINE_SECRET_KEY`) to a file in the workspace if they are missing. Storing long-lived cloud credentials in plaintext files within a shared workspace increases the risk of credential theft or accidental exposure.
- [EXTERNAL_DOWNLOADS]: The script `scripts/skills_download.py` uses the `veadk` library to download zip archives from Volcengine TOS (Tencent Object Storage) based on paths retrieved from a remote API (`ListSkillsBySpaceId`).
- [REMOTE_CODE_EXECUTION]: The script extracts downloaded zip files using `zipfile.extractall()` into the user-specified directory. Since these files are intended to be "skills" (which contain executable logic or instructions), this mechanism allows the delivery of remote code into the local environment. The script does not perform integrity checks or content validation on the downloaded archives before extraction.
Audit Metadata