Oathe Security Badge

Is zysilm-ai/skill-master safe?

https://github.com/zysilm-ai/skill-master

71
CAUTION

This skill implements a sophisticated skill orchestration system that searches GitHub for external skills, downloads them, and executes them dynamically. While the functionality appears legitimate, it creates significant security risks through potential supply chain attacks and dynamic code execution.

Category Scores

Category               Score    Weight
Prompt Injection       68/100   30%
Data Exfiltration      88/100   25%
Code Execution         42/100   20%
Clone Behavior         92/100   10%
Canary Integrity      100/100   10%
Behavioral Reasoning   30/100    5%

Findings (4)

HIGH Dynamic External Skill Execution -40

The skill downloads external SKILL.md files from GitHub repositories and executes them using the Skill tool. This is a significant security risk because a compromised repository could cause it to execute malicious skills.

HIGH Supply Chain Attack Vector -50

The skill searches GitHub repositories for skills and can execute them, creating a supply chain attack vector. An attacker could compromise a skill repository and have this skill automatically find and execute malicious content.

MEDIUM Dynamic Skill Creation -18

The skill can create new SKILL.md files based on research and immediately execute them. This could be exploited if the research phase is manipulated to create malicious skills.

MEDIUM Complex Agent Spawning -32

The skill spawns fresh agents using the Task tool with user-controllable context, which could be exploited for prompt injection attacks.