skill-installer

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches curated skill lists from the OpenAI repository (a trusted organization) and downloads skill archives from GitHub (a well-known service).
  • [COMMAND_EXECUTION]: Executes git clone and git sparse-checkout using subprocess.run with list arguments to avoid shell injection. All git operations are directed towards well-known GitHub domains.
  • [CREDENTIALS_UNSAFE]: Uses the GITHUB_TOKEN or GH_TOKEN from environment variables to authenticate with the GitHub API, facilitating the installation of skills from private repositories.
  • [REMOTE_CODE_EXECUTION]: Installs new agent skills from remote repositories, which introduces new code and instructions into the agent's environment. The skill enforces directory name validation and path traversal checks to mitigate risks.
  • [PROMPT_INJECTION]:
      • Ingestion points: scripts/list-curated-skills.py (reads GitHub API responses for skill directory listings).
      • Boundary markers: Absent.
      • Capability inventory: Includes the ability to clone repositories using git and write skill files to the local $CODEX_HOME/skills directory.
      • Sanitization: Implements _safe_extract_zip to prevent directory traversal attacks and validates that skill names are single path segments.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 4, 2026, 01:09 AM