installing-skills
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a bash script (install.sh) to manage the local filesystem, creating directories with mkdir and downloading files via curl.
- [EXTERNAL_DOWNLOADS]: The skill connects to api.github.com and raw.githubusercontent.com to fetch skill contents. These downloads are performed from the author's own repository and are necessary for the skill's core functionality.
- [REMOTE_CODE_EXECUTION]: The skill downloads SKILL.md files that contain instructions for the AI agent. Although these are markdown instructions rather than compiled binaries, they serve as the functional code that defines the agent's capabilities and logic.
Audit Metadata