share-a-library

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses git, gh, and npx to perform repository initialization, commits, remote creation, and documentation building.
  • [EXTERNAL_DOWNLOADS]: Fetches and executes the ai-agent-skills package from the npm registry via npx. This package is a vendor-owned resource for the author 'skillcreatorai'.
  • [DATA_EXFILTRATION]: Employs git add . followed by gh repo create --public to upload the entire local workspace to a public GitHub repository. This behavior creates a risk of exposing sensitive files or credentials if they are not explicitly excluded by the user.
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified.
      • Ingestion points: All local files in the current workspace (SKILL.md via git add .).
      • Boundary markers: None present to delimit untrusted file content from instructions.
      • Capability inventory: File system access (git), network access (gh, git push), and command execution (npx ai-agent-skills).
      • Sanitization: No validation or filtering is performed on the files before they are processed by the build-docs or publish commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 04:39 PM