skill-learner
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [Persistence Mechanisms] (MEDIUM): The skill installs
post-commitgit hooks in the.git/hooks/directory of multiple repositories. This mechanism ensures that analysis code runs automatically every time a developer commits code. While documented as the primary function, git hooks are a standard technique used to maintain persistence on a system. - [Command Execution] (MEDIUM): The
bulk_install_hooks.shscript programmatically identifies repositories via.gitignoreand deploys executable scripts. This automated deployment of executable hooks increases the blast radius if the underlying analyzer logic is flawed or malicious. - [Unverifiable Dependencies] (MEDIUM): The installer relies on an external template script (
/mnt/github/workspace-hub/templates/hooks/post-commit.sh) which is not provided in the skill files. The security of the workspace depends entirely on the contents of this external, unverified template.
Audit Metadata