skill-create
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the agent to clone a repository from an untrusted source. Evidence: 'git clone git@github.com:sourman/skills.git /tmp/skills'. This repository is not within the trusted scope.
- REMOTE_CODE_EXECUTION (HIGH): The verification step uses 'bun x skills add sourman/skills/', which involves executing code from an untrusted source. This provides a direct path for remote code execution.
- DATA_EXFILTRATION (HIGH): The skill facilitates pushing content to an external repository via 'git push'. An attacker could use indirect prompt injection to influence the agent to include sensitive local data, such as environment variables or private keys, into the skill content before pushing it to the attacker-controlled repository.
- COMMAND_EXECUTION (MEDIUM): The skill makes extensive use of shell commands including 'git', 'mkdir', and 'cat' to modify the local filesystem and interact with the network, which increases the overall attack surface.
Recommendations
- AI detected serious security threats
Audit Metadata