github-to-skills

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill ingests untrusted data from external GitHub repositories to generate instructions for new skills.
  • Ingestion points: fetch_github_info.py fetches the repository name and README content.
  • Boundary markers: None; the content is directly spliced into the generated SKILL.md file using f-strings in create_github_skill.py.
  • Capability inventory: The skill performs file writing and creates executable scripts.
  • Sanitization: None; malicious instructions in a README could override the agent's behavior when it later processes the generated skill.
  • Command Injection (MEDIUM): The fetch_github_info.py script uses subprocess.run(['git', 'ls-remote', url, 'HEAD']). While using a list is safer than a shell string, certain git protocols or crafted URLs can still lead to command execution in some environments.
  • Code Injection (HIGH): The script create_github_skill.py generates a wrapper.py script using the untrusted repo_name. This allows an attacker to place malicious strings into a script template that the agent is explicitly instructed to 'implement' or execute later.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 08:58 PM