antislop

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The 'Pattern Refresh Protocol' in SKILL.md contains instructions for the agent to fetch data from Wikipedia APIs using curl and pipe the output directly into a python3 process. While the Python script itself is hardcoded in the skill, piping dynamic content from the web into an interpreter is a high-risk pattern that can be exploited if the source content is compromised.
  • [COMMAND_EXECUTION]: The skill's refresh workflow requires the agent to execute multiple shell commands, including curl, python3, and an external CLI tool named gemini. These commands are used to fetch external data and generate new logic for the skill.
  • [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection due to its core 'editor' functionality.
      • Ingestion points: The skill reads untrusted user data from files and direct input via the Read tool as specified in SKILL.md.
      • Boundary markers: The instructions do not define any delimiters (like XML tags) or instructions to ignore embedded commands within the text being analyzed/fixed.
      • Capability inventory: The skill possesses powerful capabilities including Read, Edit, and Write file access, as well as the ability to execute shell commands (curl, python3, gemini) as documented in SKILL.md.
      • Sanitization: There is no evidence of sanitization, escaping, or validation of the input text before it is processed by the agent's logic.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from the Wikipedia API to update its detection heuristics. While Wikipedia is a well-known service, the automated retrieval and integration of this data into the skill's instructions represent an external dependency on unversioned remote content.
  • [DYNAMIC_EXECUTION]: The refresh protocol encourages the agent to perform 'self-modifying' behavior. It is instructed to read external output, identify new patterns, and manually update its own SKILL.md file, including the pattern counts and the last-refreshed metadata field. This could allow an attacker who controls the external source to inject new, malicious instructions directly into the skill's core logic.
Recommendations
  • HIGH: Downloads and executes remote code from:
      • https://en.wikipedia.org/w/api.php?action=parse&page=Wikipedia:Signs_of_AI_writing&prop=wikitext&format=json
      • https://en.wikipedia.org/w/api.php?action=parse&page=Wikipedia:WikiProject_AI_Cleanup&prop=wikitext&format=json
    DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 9, 2026, 10:15 PM