Skills
skills/camacho/ai-skills/publish-skill/Gen Agent Trust Hub

publish-skill

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs various shell operations to manage the local filesystem and Git repositories. It uses git hash-object to verify file integrity, cp -r to move skill data, and standard git commit and git checkout commands to handle versioning and rollbacks.
  • [EXTERNAL_DOWNLOADS]: Interacts with remote Git servers via git push, git fetch, and git cherry-pick to synchronize code. It also uses npx to run the skills utility, which involves fetching and executing a package from a remote registry.
  • [REMOTE_CODE_EXECUTION]: Utilizes npx skills add camacho/ai-skills to automate the installation of skills. The use of NPX to execute code from the specified repository is consistent with the author's identity and the skill's stated purpose of managing agent capabilities.
  • [DATA_EXFILTRATION]: Transfers local skill definitions from the .agents/skills/ directory to a remote repository. This data movement is the intended primary function of the skill; security risks are mitigated by the requirement for user confirmation before pushing data and the inclusion of a 'code-reviewer' step to inspect content for malicious patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 02:18 PM