skill-builder
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The script scripts/skills-ref.sh performs remote code execution by fetching and running a Python package from an unverified GitHub repository (agentskills/agentskills) using uvx. This bypasses static analysis and poses a significant security risk because the source is not in the trusted list.
- COMMAND_EXECUTION (MEDIUM): The templates/skill-template.md file provides code patterns for executing arbitrary system commands via Node.js child_process.exec. Without explicit sanitization guidance in the provided template, this pattern creates a high risk of command injection when processing untrusted data.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill promotes the installation of unverified global NPM packages and external CLI tools as part of its core functionality, which can introduce malicious or compromised dependencies.
- PROMPT_INJECTION (LOW): The skill exposes an indirect prompt injection surface (Category 8). Evidence: (1) Ingestion points: readFile calls in templates/skill-template.md for JSON and text files. (2) Boundary markers: absent from the instructions. (3) Capability inventory: execAsync, gh, aws, and npm operations across the template. (4) Sanitization: absent. This creates a path for malicious instructions embedded in processed data to influence tool execution.
Recommendations
- AI detected serious security threats