building-clis
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The file 'references/distribution.md' includes a template for a universal installation script that downloads and executes code from a remote source using the 'curl | bash' pattern. While intended for user-controlled repositories, this pattern is a known high-risk execution vector.
- [Privilege Escalation] (MEDIUM): Documentation in 'references/distribution.md' and 'references/shell-completion.md' provides examples of using 'sudo' to perform system-level tasks such as moving binaries to protected directories (/usr/local/bin) and writing to system-wide completion paths.
- [Persistence Mechanisms] (MEDIUM): The guide 'references/shell-completion.md' suggests modifying user shell profiles (e.g., '~/.bashrc', '~/.zshrc') to source completion scripts, which is a form of system persistence.
- [Indirect Prompt Injection] (LOW): The skill defines scaffolding templates in 'outputs.yaml' that use user-provided variables (like application names) to generate executable code. There is a lack of explicit sanitization or boundary markers in these templates to prevent malformed or malicious input from influencing the generated output. Evidence:
  1. Ingestion: 'outputs.yaml' templates.
  2. Boundary markers: Absent.
  3. Capability inventory: Includes file system modification (sudo mv), network requests (curl), and command execution (bash) in generated scripts.
  4. Sanitization: Absent.
Audit Metadata