skills-management

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches skill metadata and assessment data from a well-known ecosystem service (skills.sh) using WebFetch.
  • [REMOTE_CODE_EXECUTION]: Enables the installation of agent skills from GitHub repositories via a well-known CLI tool. The skill includes a detailed assessment guide in 'references/remote-skill-assessment.md' to help evaluate the quality and safety of remote code before execution.
  • [COMMAND_EXECUTION]: Executes a suite of bundled Python scripts and shell commands to manage the lifecycle of agent skills, including installation, deletion, and cross-agent migration (e.g., 'scripts/install_skill.py', 'scripts/delete_skill.py').
  • [PROMPT_INJECTION]: Presents an attack surface for indirect prompt injection by reading and displaying 'SKILL.md' content from other installed skills.
  • Ingestion points: Skill metadata is ingested and displayed by 'scripts/list_skills.py', 'scripts/show_skill.py', and 'scripts/list_agent_skills.py'.
  • Boundary markers: Uses standard triple-dash delimiters for parsing YAML frontmatter.
  • Capability inventory: Includes capabilities to create, move, and delete directories across various AI agent configuration paths in the user's home directory.
  • Sanitization: Implements name sanitization to prevent path traversal during installation and includes logic in 'scripts/review_skill.py' to flag XML tags in frontmatter that could interfere with agent system prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 07:15 AM