es-toolkit

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The script scripts/init.sh performs network requests to GitHub APIs (api.github.com) and downloads source archives from github.com/toss/es-toolkit. While these are network operations, they target a high-reputation repository for a legitimate utility library, qualifying for a severity downgrade under trusted source rules.
  • [COMMAND_EXECUTION] (LOW): The skill executes standard system utilities including curl, wget, tar, awk, and sed. These are used for the intended purpose of downloading, extracting, and formatting documentation content. No arbitrary command execution or shell injection vectors were identified.
  • [INDIRECT_PROMPT_INJECTION] (INFO): The skill processes external documentation files and local package.json files. While these are untrusted inputs, the skill's capability is limited to documentation reference and code generation/refactoring advice within an IDE-like context, representing a low-impact surface.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 07:45 AM