installer

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill is explicitly designed to perform system installations, including creating 'Conda virtual environments' and configuring project infrastructure. It routes instructions to external reference files (references/*.md) that contain step-by-step commands, which could be leveraged for arbitrary execution if those files are modified or unverified.
  • [DATA_EXFILTRATION / EXPOSURE] (MEDIUM): The 'skill-tracker.md' component interacts with the ~/.claude directory, a sensitive location containing agent configuration and activity logs. The verification workflow uses cat to read from ~/.claude/activity-logs/skill-usage.jsonl, exposing internal agent behavior logs.
  • [PERSISTENCE] (MEDIUM): The skill installs 'Hook scripts for tracking skill invocations.' In the context of an AI agent, hooks that trigger automatically upon skill usage represent a persistence mechanism that can monitor or intercept future interactions.
  • [INDIRECT PROMPT INJECTION] (LOW): The skill's routing logic is driven by 'Trigger Keywords' from user input. This creates an attack surface where a user might attempt to manipulate the routing to execute unintended installation workflows, though the scope is limited to the local references/ directory.
  • [DYNAMIC EXECUTION] (LOW): The skill dynamically loads instructions from computed paths based on user input (Step 2: 'Read the corresponding guide file from references/'). While the files are local, this pattern of dynamic loading and execution of markdown-based workflows is a risk factor.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 04:25 PM