Skills
skills/verneagent/tiny-skills/adhoc-skill/Gen Agent Trust Hub

adhoc-skill

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands and Python scripts to perform legitimate file management tasks.
  • Evidence: Uses rsync to synchronize skill directories from source to target locations (~/.agents/skills/).
  • Evidence: Executes a local Python script scripts/fanout.py to create symbolic links in agent-facing directories (e.g., ~/.claude/skills).
  • Evidence: Uses git init when creating new independent skill repositories as part of its documented workflow.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill interacts with local configuration files and directories, but no sensitive data is sent externally.
  • Evidence: Reads and writes to ~/.adhoc-skill/config.json to manage user-defined skill root paths.
  • Evidence: Scans local directories for SKILL.md files to identify available skills.
  • [PRIVILEGE_ESCALATION]: No privilege escalation attempts were detected.
  • Evidence: All operations (rsync, symlinking, file writes) occur within the user's home directory (~) without requiring sudo or administrative privileges.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 02:41 AM