sync-skills
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads and installs content from unvalidated external sources into AI tool configuration directories (such as ~/.claude/skills and ~/.cursor/skills). Because these directories are used to store executable instructions for AI agents, this allows for the persistent installation of potentially malicious content.
- [EXTERNAL_DOWNLOADS]: Fetches data from arbitrary GitHub repositories and skillsmp.com URLs via git clone and curl based on user input.
- [COMMAND_EXECUTION]: Executes shell commands including git, curl, cp, and rm to manage files in sensitive application directories. While the script implements a confirmation step, it handles arbitrary external content and overwrites existing files by default.
- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by syncing unvetted instructions from external URLs.
  - Ingestion points: sync-skill.sh (lines 80-100 for GitHub, lines 125-145 for web pages).
  - Boundary markers: Absent; files are copied directly without delimiters or instruction-isolation markers.
  - Capability inventory: Writing to ~/.claude/skills, ~/.cursor/skills, and other tool directories; executing git and curl.
  - Sanitization: No validation or filtering of the downloaded content is performed.
Audit Metadata