skills/ninehills/skills/skill-hub/Gen Agent Trust Hub

skill-hub

Fail

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides functionality to download and install external code via alma skill install <user/repo>. This code is then symlinked into configuration directories and executed in subsequent turns, allowing for the execution of arbitrary remote code from an unverified repository.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to manage system files, create directories (~/.config/alma/skills/), and execute the alma CLI tool for package management operations.
  • [EXTERNAL_DOWNLOADS]: The skill initiates network requests to the skills.sh ecosystem to fetch and update external skill packages.
  • [PROMPT_INJECTION]: The instructions explicitly direct the agent to 'be proactive' and install new capabilities from the external hub when a task fails, which can be exploited by a malicious actor to trick the agent into installing a compromised skill.
  • [DATA_EXPOSURE]: The skill manages files within the user's home directory (~/.agents/skills/, ~/.config/alma/skills/), which could be leveraged by installed malicious skills to access or modify sensitive user data.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 28, 2026, 09:32 AM