simple-logger-usage
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The README.md file and the automated security scan identify an installation command:
curl -fsSL https://raw.githubusercontent.com/Alcyone-Labs/simple-logger/main/skills/install.sh | bash. This pattern downloads and executes a script directly from a remote source. While the repository belongs to the skill's author, this method bypasses manual review of the script's contents and creates a potential vector for executing unverified code if the remote source is compromised. - [COMMAND_EXECUTION]: In
commands/opencode/simple-logger-usage.md, the workflow includes a step to executeskills/install.shlocally. This command execution is gated by a simple check for a string flag in the user input, which allows the skill to run shell scripts on the host system during normal operation. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its handling of user arguments in
commands/opencode/simple-logger-usage.mdwhich triggers the aforementioned command execution. - Ingestion points: The
$ARGUMENTSvariable is used to parse user intent and flags. - Boundary markers: None detected; the skill does not use delimiters or instructions to ignore embedded flags in the user input.
- Capability inventory: The skill can execute shell scripts (
install.sh) and read multiple reference files. - Sanitization: There is no sanitization or validation of the arguments; it simply checks if the string contains
--update-skill. A malicious user could craft a prompt that tricks the agent into triggering the installation script unintentionally.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Alcyone-Labs/simple-logger/main/skills/install.sh - DO NOT USE without thorough review
Audit Metadata