Skills
skills/mylesmcook/mcook-skills/github-gem-seeker/Gen Agent Trust Hub

github-gem-seeker

Warn

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The workflow instructs the agent to 'Search GitHub for tools or libraries', 'Pick one default candidate', and 'Use the chosen project to solve the task'. This pattern encourages the agent to fetch and run arbitrary code from unverified third-party sources.
  • [COMMAND_EXECUTION]: The skill requires the agent to determine a 'command or integration path' and execute it, which involves running shell commands provided by external software that has not been audited.
  • [INDIRECT_PROMPT_INJECTION]: The agent is tasked with processing external repository content (READMEs, metadata) to evaluate tools. This external content could contain hidden instructions or malicious payloads designed to exploit the agent during the tool integration phase.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 31, 2026, 07:24 PM