Skills
skills/kalshamsi/power-engineer-skills/setup/Gen Agent Trust Hub

setup

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's primary function is to generate an install-skills.sh script containing numerous npx skills@latest add commands. This pattern facilitates the downloading and immediate execution of code from external repositories.
  • [EXTERNAL_DOWNLOADS]: The skill references a massive catalog of external repositories. While some originate from trusted organizations (e.g., Anthropic, Microsoft, Google), a significant portion of the recommended code comes from unverified third-party accounts such as 'obra', 'supercent-io', 'inferen-sh', and 'mattpocock'. The skill encourages users to run the generated script immediately after creation.
  • [COMMAND_EXECUTION]: In Step 2 of the skill workflow, the agent is instructed to execute bash commands (ls ~/.claude/skills/ and ls .claude/skills/) to read the directory structure of the user's home directory and local project path.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 21, 2026, 10:13 PM