skill-publisher
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill collects source code and metadata from a target skill directory and transmits it to the skillscatalog.ai API endpoint. This behavior is the primary intended function of the skill to enable remote publication and review.
- [COMMAND_EXECUTION]: The publish_skill.py script executes a local safety scanner via a subprocess call to a script located in a companion directory. This is used to evaluate the security of the skill being submitted before transmission.
- [EXTERNAL_DOWNLOADS]: The skill references the requests Python library as a dependency and identifies external management URLs on the skillscatalog.ai domain for API keys and tracking.
Audit Metadata