skills/akillness/oh-my-skills/strix/Gen Agent Trust Hub

strix

Fail

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation script scripts/install.sh and documentation in SKILL.md and references/commands.md recommend installing the CLI via curl -sSL https://strix.ai/install | bash. This pattern downloads and executes arbitrary code from a remote server without verification.
  • [COMMAND_EXECUTION]: The skill uses wrapper scripts (scripts/run-scan.sh, scripts/ci-scan.sh) to execute the strix binary and docker commands on the host system. It requires an active Docker daemon and can pull container images from remote registries.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest and analyze content from untrusted external sources like GitHub repositories and live URLs.
      • Ingestion points: Target URLs and repository paths are passed to the tool via the --target or -t flag in scripts/run-scan.sh and SKILL.md.
      • Boundary markers: The skill suggests using --instruction-file for scoping and rules of engagement, but this does not provide a technical boundary to prevent instructions embedded in target data from influencing the agent's behavior.
      • Capability inventory: The skill is granted Bash and WebFetch tools and interacts with the system's Docker environment.
      • Sanitization: There is no evidence in the skill's wrapper scripts that content from external targets is sanitized or filtered before being processed by the underlying AI-driven tool.
Recommendations
  • HIGH: Downloads and executes remote code from: https://strix.ai/install - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 28, 2026, 03:41 AM