elevate-skill
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard shell utilities such as `cp`, `rm`, and `git` to manage skill directories and repository state.
- [DATA_EXFILTRATION]: It performs a `git push` to an external repository. While this is the intended purpose, it presents a risk if local skills contain sensitive data like hardcoded API keys.
- [REMOTE_CODE_EXECUTION]: It uses `npx` to execute a package named `skills`, which performs the installation of the newly elevated skill from the repository.
Audit Metadata