github-skills-manager

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill automates npm install for managed repositories. This allows for the installation and execution of untrusted code via package lifecycle scripts if the target repository is malicious.
  • [COMMAND_EXECUTION] (MEDIUM): The dashboard executes node, npm, and git commands. This provides a broad attack surface for command injection if the agent is tricked into managing a malicious directory or if parameters are manipulated.
  • [DATA_EXFILTRATION] (MEDIUM): The git push functionality, combined with the stated goal of managing "Personal" and "Confidential" knowledge, creates a risk of sensitive data (like API keys or private docs) being uploaded to remote repositories.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The skill performs git pull to sync code from remote sources. This can introduce malicious updates into the local workspace that are subsequently executed by the manager's other features.
  • [PROMPT_INJECTION] (LOW): The skill's description of a "Knowledge Protocol" attempts to define agent behavior regarding data sensitivity. This is an authoritative claim that should be verified by the system's own safety layer rather than the skill's self-description. Additionally, the skill is vulnerable to Indirect Prompt Injection:
    ◦ Ingestion points: Reads package.json and SKILL.md from arbitrary managed skill directories.
    ◦ Boundary markers: None identified.
    ◦ Capability inventory: npm install, git push, git pull, and node script execution.
    ◦ Sanitization: None identified.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:44 PM