skill-installer
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches skill configurations and repository archives from GitHub's official API and codeload service.
- Evidence: Found in
scripts/github_utils.pyandscripts/install-skill-from-github.pyusingurllib.request. - The default repository is
openai/skills, which is a verified trusted organization. - [COMMAND_EXECUTION]: Utilizes the
gitcommand-line tool via thesubprocessmodule to manage repository sparse checkouts. - Evidence: Implemented in
scripts/install-skill-from-github.pyusingsubprocess.runwith list-style arguments to prevent shell injection. - The skill restricts git operations to repositories and paths specified by the user or defaults.
- [REMOTE_CODE_EXECUTION]: Facilitates the download and placement of external skill scripts into the local installation directory.
- Evidence: The core function of
scripts/install-skill-from-github.pyis to extract and copy repository content into$CODEX_HOME/skills. - Mitigation: The
_safe_extract_zipfunction explicitly checks extracted file paths to ensure they stay within the target destination, effectively preventing directory traversal (zip-slip) attacks.
Audit Metadata