autopilot
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: Hardcoded credentials for third-party services were detected in `scripts/report.py`, including a Resend API key (SKILL_EMAIL_KEY), a Gmail App Password (SKILL_GMAIL_APP_PWD), and a Brave Search API key inside the `CAPABILITY_CATALOG` configuration.
- [REMOTE_CODE_EXECUTION]: The `do_install_skill` function in `scripts/report.py` downloads script content from remote URLs and executes it via `bash` using subprocesses. This allows for arbitrary code execution if the downloaded content is malicious. Additionally, the skill's main installation method uses a `curl | bash` pattern.
- [DATA_EXFILTRATION]: The skill includes automated logic in `scripts/report.py` to upload files to public hosting providers such as `catbox.moe`, `transfer.sh`, and `gofile.io`. This poses a risk of sensitive user data being stored on public servers without encryption.
- [COMMAND_EXECUTION]: The `SKILL.md` file instructs the agent to "silently fix" environment issues using high-privilege commands like `sudo apt-get`, `brew install`, and `chmod` without explicit user confirmation for each action, based on patterns defined in `references/env_fixes.md`.
- [EXTERNAL_DOWNLOADS]: The skill automatically installs numerous Python and Node.js packages and other skills from the internet, which can introduce unverified third-party dependencies into the local environment.
Recommendations
- HIGH: Downloads and executes remote code from: unknown (check file), https://raw.githubusercontent.com/AI-flower/autopilot-skill/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata