NYC

day1-onboarding

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs users to use piped remote execution patterns (curl | bash and irm | iex) for software installation. Although the source (claude.ai) is associated with a trusted organization (Anthropic), this pattern is inherently high-risk as it bypasses local verification.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The skill promotes the installation of third-party plugins and addition of marketplaces from unverified sources (obra and team-attention) that are not on the trusted organizations list.
  • [COMMAND_EXECUTION] (MEDIUM): Encourages lowering the Windows ExecutionPolicy (RemoteSigned) and creating shell scripts for Hooks and Status Line functionality, which execute automatically on specific events.
  • [EXTERNAL_DOWNLOADS] (LOW): References official Anthropic domains (claude.ai) for installation, which are trusted sources, but the download method remains risky.
  • [PROMPT_INJECTION] (LOW): The skill ingests external documentation via curl into the agent context (SKILL.md) to correct inaccuracies. No boundary markers or sanitization are present, while the agent possesses significant capabilities including shell execution (!) and plugin installation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 04:50 PM