setup-environment
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes a local shell script (`bash scripts/validate-setup.sh`) and Husky hooks (`.husky/_/husky.sh`). These scripts reside within the repository and are executed without any verification of their content, so a compromised repository leads to arbitrary code execution.
- [COMMAND_EXECUTION] (HIGH): The skill includes instructions to run `sudo apt-get install git`, which grants the agent administrative privileges on the host system.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill runs `npm install` at the repository root. This triggers the download and execution of arbitrary third-party code defined by the dependencies in the project's `package.json`, including any `preinstall` or `postinstall` scripts.
- [REMOTE_CODE_EXECUTION] (LOW): The skill installs `@anthropic-ai/claude-code` via npm. While this is remote code execution, the source is a Trusted Organization (anthropic-ai), which downgrades the severity of the download finding itself per security guidelines.
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill targets sensitive environment files (`.env`) and explicitly prompts the user to input an `ANTHROPIC_API_KEY`. While necessary for setup, this behavior creates an exposure surface for sensitive credentials.
- [INDIRECT PROMPT INJECTION] (HIGH): The skill processes untrusted content from the repository (e.g., `package.json`, `scripts/validate-setup.sh`) and has high-privilege execution capabilities (the `Bash` tool, `sudo`). An attacker-controlled repository could use these files to inject malicious commands that the agent will execute during the setup process.
Recommendations
- AI detected serious security threats
Audit Metadata