add-skill
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill is designed to download content from arbitrary GitHub repositories. It does not enforce a whitelist of trusted sources, allowing the agent to fetch potentially malicious code from any user-provided URL.
- REMOTE_CODE_EXECUTION (HIGH): Downloaded skills are placed in the agent's skill directory for use. This process facilitates the installation and execution of unverified remote scripts and agent instructions, posing a significant security risk.
- COMMAND_EXECUTION (MEDIUM): The workflow executes a bundled Python script (scripts/fetch_skill.py) and git commands. This involves invoking subprocesses with arguments derived from external, untrusted input.
- PROMPT_INJECTION (LOW): The skill creates an attack surface for indirect prompt injection via downloaded content.
  1. Ingestion point: GitHub repository files (SKILL.md, scripts).
  2. Boundary markers: None specified in documentation or workflow.
  3. Capability inventory: Installation of new skills into the workspace and execution of local Python scripts.
  4. Sanitization: No validation or sandboxing of the downloaded skill's content is described.
Recommendations
- AI detected serious security threats
Audit Metadata