skill-installer

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill is designed to fetch and install external code from remote sources.
      • It downloads ZIP archives from codeload.github.com and clones repositories using git.
      • It defaults to curated content from openai/skills (a trusted organization), but allows users to specify any arbitrary GitHub repository.
  • [COMMAND_EXECUTION]: The installation script uses system commands to manage repositories.
      • scripts/install-skill-from-github.py executes git clone and git sparse-checkout via subprocess.run to retrieve skill files.
  • [CREDENTIALS_UNSAFE]: The skill handles authentication credentials for the GitHub API.
      • scripts/github_utils.py reads GITHUB_TOKEN or GH_TOKEN from the environment to authorize requests. This is necessary for accessing private repositories, but it means the skill handles sensitive user secrets.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8).
      • Ingestion points: Fetches skill metadata and directory listings from the GitHub API (scripts/list-curated-skills.py).
      • Boundary markers: The skill listing output lacks explicit delimiters to separate untrusted remote data from system instructions.
      • Capability inventory: The skill can write files to the system (shutil.copytree) and perform network operations.
      • Sanitization: Employs _safe_extract_zip to prevent directory traversal attacks and validates skill names and paths to ensure they remain within the intended directory structure.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 08:00 AM