skillmarketplace

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill retrieves OIDC identity tokens by communicating with a local Unix socket (/.fly/api) via a POST request to http://localhost/v1/tokens/oidc.
  • [COMMAND_EXECUTION]: The publishing workflow executes shell commands (curl, head) and inline Python scripts (python3 -c) to recursively read local directory contents and package them for transmission.
  • [DATA_EXFILTRATION]: Local files from the user's skill directory are read and transmitted to an external endpoint (https://skills-market-gateway.fly.dev/skills/publish) during the publishing process.
  • [EXTERNAL_DOWNLOADS]: The search_skills tool is configured to download and install software packages from external registries using the npx skills add command.
  • [REMOTE_CODE_EXECUTION]: The auto_install feature automatically executes installation scripts from the global skills ecosystem (e.g., Vercel, Anthropic, OpenClaw indices), which involves running third-party code locally.
  • [PROMPT_INJECTION]: The skill contains strong directives that instruct the agent to avoid manual verification or standard system tools (e.g., "Do NOT manually curl", "NEVER curl GitHub"), potentially bypassing user-mediated security reviews in favor of automated tools.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 12:14 PM