skills-batch-ops
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill fetches remote SKILL.md files from arbitrary GitHub repositories during the 'validate-content' phase to check for 'passed' status before installation. \n- [COMMAND_EXECUTION] (MEDIUM): The tool executes 'npx skills find' and 'npx skills add' to discover and install software onto the local machine. This modifies the system environment based on external input. \n- [REMOTE_CODE_EXECUTION] (MEDIUM): There is a risk of installing malicious code. Attackers can craft repositories with markdown files that pass the automated 'quality' checks (body length, frontmatter) but contain malicious logic in scripts that are subsequently installed via 'npx skills add'. \n- [DATA_EXPOSURE] (LOW): The 'analyze-project' command scans the local project root to identify technical stacks and keywords, which are then used to build external search queries.
Audit Metadata