rusty-page-indexer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill documentation explicitly instructs users and agents to execute a remote script via a 'curl | bash' pipeline from an unverified source.
- Evidence (README.md & SKILL.md):
curl -fsSL https://raw.githubusercontent.com/Algiras/rusty-pageindex/main/install.sh | bash. - Risk: This grants the maintainer of the 'Algiras' GitHub account full control over the host environment when the command is run.
- EXTERNAL_DOWNLOADS (HIGH): The skill relies on binaries and scripts hosted on GitHub repositories outside of the established trusted organizations.
- Evidence: Installation and tool update logic points to
github.com/Algiras. - COMMAND_EXECUTION (MEDIUM): The skill implements various commands that execute a custom third-party CLI tool (
rusty-page-indexer) on the local filesystem. - Evidence: Commands like
index,query, andauthexecute the unverified binary. - PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it indexes external untrusted data (local PDFs and Markdown files) without sanitization.
- Ingestion points:
rusty-page-indexer index <path>reads local document content. - Boundary markers: None present; the tool does not provide delimiters to separate document content from agent instructions.
- Capability inventory: The skill can execute shell commands and communicate with LLM APIs (OpenAI/Ollama).
- Sanitization: No sanitization or validation of the indexed document content is described, allowing attackers to place malicious instructions in documents that the agent may follow when querying the index.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Algiras/rusty-pageindex/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata