skill-publisher

Warn

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/publish_skill.py is vulnerable to command injection. It calls subprocess.run(shell=True) and interpolates values extracted from the SKILL.md file of the skill being published directly into the shell command string. A malicious user could craft a skill whose name or description contains shell metacharacters (e.g., ; rm -rf /) so that arbitrary code is executed when the publishing script runs.
  • [EXTERNAL_DOWNLOADS]: The skill invokes npx to run the skills utility, which involves downloading and executing code from a remote registry. It also requires the gh CLI for interacting with GitHub's API.
  • [COMMAND_EXECUTION]: The script modifies the user's home directory by creating symbolic links in ~/.agents/skills/. This is a shared directory used by multiple AI agent tools, and automatic modifications could lead to unauthorized configuration changes across different platforms.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 19, 2026, 07:14 AM