strix
Fail
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends installing the tool using `curl -sSL https://strix.ai/install | bash` in `scripts/install.sh`, `references/commands.md`, and `references/scan-modes-and-ci.md`. This pattern executes code from a remote server without local verification.
- [COMMAND_EXECUTION]: Helper scripts such as `scripts/install.sh`, `scripts/run-scan.sh`, and `scripts/ci-scan.sh` execute the `strix` CLI tool and Docker commands based on user-supplied targets and environment variables.
- [EXTERNAL_DOWNLOADS]: The skill downloads a binary from `strix.ai` and pulls a Docker image (`ghcr.io/usestrix/strix-sandbox`) from GitHub Container Registry. These are required for operation but involve external executable dependencies.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing untrusted targets. (1) Ingestion points: Target URLs and local directories in `SKILL.md` and `scripts/run-scan.sh`. (2) Boundary markers: No explicit markers are used to separate target data from agent instructions. (3) Capability inventory: The skill can execute subprocesses via wrapper scripts and perform network operations. (4) Sanitization: There is no explicit validation or sanitization of target strings before tool execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://strix.ai/install - DO NOT USE without thorough review
Audit Metadata