publish-skill
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill constructs shell commands by interpolating unvalidated user inputs (path, org, repo) into a bash script. This is vulnerable to shell injection attacks where a malicious string could execute arbitrary commands on the host system.
- [DATA_EXFILTRATION] (HIGH): The skill's primary function is to copy local files to a public GitHub repository. It lacks any filtering or validation logic to prevent the exfiltration of sensitive data like private keys, credentials, or configuration files if the input path is manipulated.
- [EXTERNAL_DOWNLOADS] (LOW): The skill invokes npx skills, which downloads and executes code from the npm registry at runtime. While npx is a standard utility, the security of the operation depends on the third-party skills package.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill provides a significant attack surface for indirect injection.
  1. Ingestion points: File paths and repository names from user/external input.
  2. Boundary markers: Absent; inputs are directly embedded in shell commands.
  3. Capability inventory: File system read, directory creation, shell execution, and public network upload.
  4. Sanitization: None; the skill does not validate inputs or inspect the content of the files being published.
Recommendations
- AI detected serious security threats