agentic-workflow

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The Dockerfile section in SKILL.md fetches an installation script from the official Claude.ai domain (https://claude.ai/install.sh).
  • [REMOTE_CODE_EXECUTION]: The skill contains a pattern in SKILL.md that pipes a remote script from https://claude.ai/install.sh directly into the shell (| sh) during a Docker build process.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality.
  • Ingestion points: The Git workflow in SKILL.md instructs the agent to ingest untrusted data by checking out pull requests (gh pr checkout) and analyzing source code files.
  • Boundary markers: There are no boundary markers or instructions provided to the agent to ignore potentially malicious instructions embedded in the pull request data or source files.
  • Capability inventory: The skill allows for powerful tools including Bash and Write, which could be exploited if the agent follows instructions found in untrusted data.
  • Sanitization: No sanitization or filtering of external content is specified before the agent processes it.
Recommendations
  • HIGH: Downloads and executes remote code from: https://claude.ai/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 6, 2026, 12:43 PM