shareful-init

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The skill instructs the agent to run npx shareful-ai, which downloads and executes code from the npm registry at runtime. The package is not from a trusted source.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Relies on the execution of code downloaded from the npm registry without version pinning or source verification.
  • [DATA_EXFILTRATION] (LOW): The npx shareful-ai register command is used to send repository metadata to an external service (shareful.ai) for indexing.
  • [COMMAND_EXECUTION] (MEDIUM): The skill requires the execution of multiple shell commands, including git, gh (GitHub CLI), and npx, and modifies a configuration file at ~/.shareful/config.json.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:25 PM