skill-installer
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides a mechanism to download and install executable code in the form of agent skills from GitHub. Although it defaults to a trusted organization, the capability to install from any repository allows the deployment of untrusted scripts into the agent's workspace.
- [COMMAND_EXECUTION]: The scripts utilize the 'subprocess' module to execute 'git' commands for repository operations like cloning and sparse checkouts, enabling interaction with the host system's command line.
- [EXTERNAL_DOWNLOADS]: The utility makes network connections to GitHub's API and 'codeload.github.com' to fetch repository metadata and download skill archives.
- [CREDENTIALS_UNSAFE]: The code accesses and uses sensitive environment variables ('GITHUB_TOKEN', 'GH_TOKEN') for authentication. Handling these credentials in a script that can be directed to different repositories is a security-sensitive operation.
Audit Metadata