auto-claude-updater
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill fetches version data and changelogs from a non-trusted GitHub repository (AndyMik90/Auto-Claude) using curl.
- REMOTE_CODE_EXECUTION (HIGH): The skill's documentation and scripts encourage users to execute 'git pull' followed by 'npm run install:all' from an external repository. This presents a critical supply chain risk where a compromise of the remote repository leads to arbitrary code execution.
- COMMAND_EXECUTION (MEDIUM): The provided bash script 'sync-auto-claude-skills.sh' performs file system operations including 'mkdir', 'cp', and 'sed -i' to modify local skill files based on external input.
- PROMPT_INJECTION (HIGH): The skill exhibits a significant Indirect Prompt Injection surface (Category 8). 1. Ingestion points: Documentation (README.md, CHANGELOG.md) is fetched from GitHub and copied into the agent's skill reference directories. 2. Boundary markers: No delimiters or protective instructions are added to the ingested content. 3. Capability inventory: The skill can modify its own and other skills' definitions and reference files. 4. Sanitization: External content is processed without any validation or filtering. Malicious instructions in the upstream documentation could influence the agent's subsequent behavior.
Recommendations
- AI detected serious security threats
Audit Metadata