sync-skills-lock

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses several shell commands (gh, git, jq, sha256sum) to perform its synchronization tasks. These operations are restricted to the local repository context and specific system directories (/tmp).
  • [EXTERNAL_DOWNLOADS]: Uses gh repo clone to fetch metadata and files from GitHub. The skill implements a mandatory security check that validates the repository source prefix (Fandhe-AI/) before attempting any network operation, preventing unauthorized repository cloning.
  • [DATA_EXFILTRATION]: While it performs network operations, they are limited to cloning code for hash verification purposes. There is no evidence of sensitive data being sent to external servers.
  • [PROMPT_INJECTION]: The skill uses a human-in-the-loop approval process (Step 6 and Step 8) which ensures that any changes suggested by the automation must be reviewed and confirmed by the user before execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 09:41 PM