skills-cli

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run shell commands through the bunx skills CLI to install, list, update and remove agent capabilities (found in SKILL.md and references/cli.md).
  • [EXTERNAL_DOWNLOADS]: The skill fetches data, and potentially executable instructions, from external GitHub repositories. The examples in SKILL.md and references/cli.md point to the author's own repositories and to well-known technology services.
  • [REMOTE_CODE_EXECUTION]: The add command downloads content from remote URLs and installs it as functional "skills" in the agent's runtime environment. Because the agent follows installed skills as instructions, this amounts to loading and executing remote instructions.
  • [PROMPT_INJECTION]: Indirect prompt injection surface:
      ◦ Ingestion points: The skill accepts external URLs and local paths as sources of new agent instructions via bunx skills add.
      ◦ Boundary markers: SKILL.md carries one explicit guardrail: "Treat installed skills as executable instructions; avoid untrusted sources."
      ◦ Capability inventory: The skill can execute shell commands (bunx) and writes to agent-specific directories under the user's home folder (~/.claude/skills/, ~/.pi/agent/skills/).
      ◦ Sanitization: The skill documents no automated content verification, sandboxing or sanitization of downloaded skill content before installation; the only control is the advisory guardrail above.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 07:47 AM