Skills
NYC
skills/delorenj/skills/installing-apps-tools-and-services/Gen Agent Trust Hub

installing-apps-tools-and-services

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): Scripts scripts/install-node-cli.sh and scripts/install-python-cli.sh execute global package installations using bun and uv. While this is the skill's primary purpose, it allows for arbitrary software installation based on provided arguments.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill facilitates downloading software from external registries (npm, PyPI) via bun and uv.
  • [PROMPT_INJECTION] (LOW): The installation scripts are vulnerable to indirect prompt injection. Ingestion points: Command-line arguments in scripts/install-node-cli.sh and scripts/install-python-cli.sh. Boundary markers: Absent. Capability inventory: Subprocess execution for global package managers. Sanitization: Uses shell quoting to prevent command injection, but does not validate the package being installed.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:24 PM