skills-cloner
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerability to Path Traversal via Indirect Prompt Injection. -- Ingestion point: User-provided skill names via process.argv in scripts/clone-skills.js. -- Boundary markers: None. -- Capability inventory: Recursive file deletion (fs.rm) and copying (fs.cp) in scripts/clone-skills.js. -- Sanitization: Absent; the script uses path.join with unsanitized input, allowing a user or malicious instruction to manipulate the agent into deleting or overwriting files outside the intended .github/skills directory using directory traversal sequences like '..'.
- [COMMAND_EXECUTION] (MEDIUM): The skill performs high-privilege file system modifications. -- Evidence: The script automatically synchronizes directory structures by deleting (fs.rm) and rewriting (fs.cp) content in the .agents/skills and .claude/skills directories. While these are intended destinations, the lack of input validation makes these operations dangerous if the source or destination paths are manipulated.
Recommendations
- AI detected serious security threats
Audit Metadata