add-skill-installer

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill's primary function is to download scripts from external Git repositories and place them into execution paths for various AI agents (e.g., ~/.claude/skills/, ~/.gemini/antigravity/skills/). This effectively allows remote code from untrusted sources to be executed by the agent.
  • COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to execute npx commands to run the add-skill package. This involves running external binaries that can modify the local file system.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill facilitates downloads from the npm registry and any Git provider (GitHub, GitLab, etc.). The installer itself (add-skill) and the repositories it targets are not within the defined trusted sources.
  • Indirect Prompt Injection (LOW):
      • Ingestion points: Untrusted data is ingested from remote Git repositories via the source argument.
      • Boundary markers: No specific delimiters or safety warnings are implemented to prevent the agent from obeying instructions found within the repository being installed (e.g., during the --list step).
      • Capability inventory: The skill possesses file-write capabilities to sensitive agent directories and general command execution via npx.
      • Sanitization: There is no evidence of code sanitization or safety checks on the content of the remote repositories before they are installed into the agent's environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:26 PM