Skills
skills/openharmonyinsight/openharmony-skills/openharmony-download/Gen Agent Trust Hub

openharmony-download

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill logic in SKILL.md interpolates user-provided variables ${BRANCH} and ${CUSTOM_DIR} directly into a shell command template used by the Bash tool. Because there is no sanitization of these strings, an attacker can provide input containing shell metacharacters (e.g., ;, &, |) to execute unauthorized commands on the host system.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The scripts/download_openharmony.sh script downloads the repo tool from https://raw.gitcode.com/gitcode-dev/repo/raw/main/repo-py3. GitCode is not on the list of trusted external sources provided in the security guidelines, introducing a third-party dependency risk.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill downloads the repo utility, marks it as executable using chmod a+x, and runs it via repo init. This pattern of downloading and executing unverified remote code is a high-risk behavior that bypasses static analysis of the skill's actual runtime actions.
  • [PRIVILEGE_ESCALATION] (MEDIUM): The script scripts/download_openharmony.sh performs a chmod a+x on the downloaded repo tool. Additionally, the skill documentation prompts users to execute sudo apt-get install commands, which involves privilege elevation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:07 PM