skill-advisor

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands via npx and ls to manage, discover, and list installed skills within the environment (e.g., ls ~/.claude/skills/, npx skills find).
  • [EXTERNAL_DOWNLOADS]: The skill is designed to download and install external code packages (AI agent skills) from remote repositories using the npx skills add utility. This is a core feature of the skill.
  • [REMOTE_CODE_EXECUTION]: By facilitating the installation of third-party skills, the skill enables the execution of remote code. It mitigates associated risks by requiring explicit user confirmation before initiating any installation command and using the platform's standard package management tools.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface.
    • Ingestion points: It parses descriptions of other installed skills from the system-reminder to match them against project tasks.
    • Boundary markers: Absent; skill descriptions are evaluated directly for relevance.
    • Capability inventory: The skill can execute shell commands (npx, ls) and read local files.
    • Sanitization: Absent; the skill does not explicitly sanitize the contents of external skill descriptions before processing them.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 06:04 AM