4d-publish-github

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): In scripts/publish.py, the setup_github_repo function is vulnerable to command injection.
  • Evidence: The code constructs a shell command cmd = f'gh repo create "{project_name}" --source=. --push {visibility_flag}' and executes it using subprocess.run(cmd, shell=True). The project_name is derived from the directory name or a .4DProject file, allowing an attacker to execute arbitrary commands by naming a folder with shell metacharacters (e.g., $(touch pwned)).
  • Evidence: The repository description is appended to the command after a naive escaping attempt: description.replace('"', '\\"'). This does not prevent command substitution via $() or backticks in a shell environment.
  • [COMMAND_EXECUTION] (MEDIUM): Both scripts/publish.py and scripts/install_workflows.py use a helper function run_cmd that executes commands with shell=True.
  • Evidence: Pervasive use of shell=True throughout the scripts increases the risk of shell-related vulnerabilities and is against security best practices.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill facilitates the download and installation of external software.
  • Evidence: The check_gh function in publish.py offers to install the GitHub CLI using brew install gh. While Homebrew is a trusted source, this involves external code execution at runtime.
  • [SAFE] (INFO): No hardcoded credentials or unauthorized data exfiltration patterns were detected in the provided files.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:48 PM