zeude
Fail
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation process for the 'Zeude Shim' involves fetching a shell script from a remote URL (https://raw.githubusercontent.com/zep-us/zeude/main/install.sh) and piping it directly to the bash interpreter. This executes unverified code with the privileges of the current user.
- [COMMAND_EXECUTION]: The skill implements a 'shim' architecture that intercepts and wraps standard command-line tools. This pattern allows the skill to execute arbitrary logic every time the primary tool (Claude CLI) is invoked.
- [DATA_EXFILTRATION]: The platform captures and exports session data, including user prompts, token usage, and skill activity, to external OpenTelemetry and ClickHouse instances. This telemetry channel transmits full conversation context to external infrastructure.
- [EXTERNAL_DOWNLOADS]: The skill fetches and executes components from multiple third-party repositories (zep-us/zeude and akillness/oh-my-skills) which are not verified sources.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: The skill uses UserPromptSubmit hooks to intercept user input in real-time. Boundary markers: No explicit delimiters are present to isolate user input from instructions. Capability inventory: The skill has access to Bash, Write, and WebFetch tools. Sanitization: No sanitization of user-supplied prompt data is performed before intent analysis.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/zep-us/zeude/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata