claude-code-skills

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill directs the agent to use WebFetch to retrieve a README.md from an untrusted repository (gmh5225/awesome-skills). This is an external ingestion point for untrusted data.
  • COMMAND_EXECUTION (LOW): Instructs the use of git clone, ls, and head on user-scoped directories (~/.claude/skills/). These are standard for the skill's purpose but involve filesystem and network interaction.
  • REMOTE_CODE_EXECUTION (LOW): Facilitates the installation of third-party code via git clone from arbitrary repositories. While common for development tools, it encourages the execution of unverified remote code.
  • PROMPT_INJECTION (LOW): (Indirect) The skill ingests untrusted data from an external source without explicit boundary markers or sanitization logic.
      • Ingestion points: WebFetch of https://raw.githubusercontent.com/gmh5225/awesome-skills/refs/heads/main/README.md (SKILL.md).
      • Boundary markers: Absent; the content is fetched directly into the context.
      • Capability inventory: git clone, ls, head (SKILL.md).
      • Sanitization: Absent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 21, 2026, 10:10 AM