Skills
skills/why8023/agent-skills/skill-authoring-sync/Gen Agent Trust Hub

skill-authoring-sync

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands via cmd /c, mise, and npx to perform lifecycle operations such as initializing skills, verifying installations, and running validation scripts.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the why8023/agent-skills repository on GitHub and the npm registry. These network operations are intrinsic to the skill's purpose of synchronizing code with a remote central repository and managing dependencies.
  • [DATA_EXFILTRATION]: While the skill performs git push operations to a remote repository, this is directed to the author's own repository (why8023/agent-skills) as part of a documented synchronization workflow, not an unauthorized exfiltration of sensitive data.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a data ingestion surface as it processes user-provided skill names and content.
  • Ingestion points: Skill names and content provided by the user (or the agent on the user's behalf) are written to local files.
  • Boundary markers: No specific boundary markers or 'ignore' instructions are used for the created content, as the skill functions as an authoring tool.
  • Capability inventory: The skill can write files, execute Git commands (commit/push), and run the npx skills utility.
  • Sanitization: The skill assumes the integrity of the authored content and does not implement specific sanitization routines before file writes or Git commits.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 03:45 AM