Skills
skills/cmkim/mj-download-test/art-repo-pip-install/Gen Agent Trust Hub

art-repo-pip-install

Pass

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: LOWEXTERNAL_DOWNLOADS
Full Analysis

================================================================================

🔵 VERDICT: LOW

This skill is designed to install Playwright, Chromium, and Google API client packages. The install.py script uses subprocess.check_call to execute pip install commands for playwright, google-api-python-client, google-auth-httplib2, google-auth-oauthlib, and playwright install chromium. These commands download and install external software.

Total Findings: 1

🔵 LOW Findings: • Unverifiable Dependencies

  • install.py: The skill installs external Python packages and a browser from trusted organizations (Microsoft for Playwright, Google for Google API clients). While any external dependency introduces a degree of risk, the trusted nature of these sources downgrades the severity of this finding to LOW/INFO. The skill's behavior aligns directly with its stated purpose in SKILL.md.

================================================================================

No other malicious patterns such as prompt injection, data exfiltration, obfuscation, privilege escalation, persistence mechanisms, metadata poisoning, indirect prompt injection, or time-delayed attacks were detected.

Audit Metadata
Risk Level
LOW
Analyzed
Feb 12, 2026, 06:42 AM