github-release-downloader
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches files from GitHub repositories via the official browser_download_url provided by the GitHub API. These downloads target a well-known service and are a core feature of the tool's intended purpose.
- [CREDENTIALS_UNSAFE]: The script incorporates a mechanism to read the GITHUB_TOKEN from environment variables to facilitate authenticated API requests. This is a standard and recommended practice for managing API credentials securely in script environments.
- [DATA_EXFILTRATION]: While the skill writes files to the local file system (defaulting to a folder within the current directory), it does not transmit local data to unauthorized external endpoints. All network traffic is directed to GitHub's API and asset servers.
- [REMOTE_CODE_EXECUTION]: The skill is designed to download executable formats (.exe, .dmg, etc.) and archives. It does not automatically execute these files after downloading, requiring a separate manual step from the user to run the retrieved content.
Audit Metadata