antithesis-bootstrap

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The submit.sh script references and recommends the installation of the snouty CLI tool from a GitHub repository (github.com/orbitinghail/snouty) that is not included in the trusted vendors list.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of the snouty binary, a third-party tool that manages the build and deployment of the user's system to a remote testing environment.
  • [COMMAND_EXECUTION]: The skill generates and executes shell scripts (submit.sh, test.sh, setup-complete.sh) and uses container engines (Docker or Podman) to prepare and test the deployment.
  • [DATA_EXFILTRATION]: The skill's primary function includes pushing project code and configuration to a remote repository (ANTITHESIS_REPOSITORY) as part of its documented workflow.
  • [PROMPT_INJECTION]: The skill analyzes local project files to generate testing infrastructure, creating a surface for indirect prompt injection.
      • Ingestion points: The agent is instructed to analyze the System Under Test (SUT) by reading the user's project files (SKILL.md, Step 2).
      • Boundary markers: No explicit delimiters or instructions are used to prevent the agent from following instructions embedded in project files.
      • Capability inventory: File writing, shell script execution, container management, and network communication via the snouty tool.
      • Sanitization: No validation or filtering is performed on the project data before it influences script generation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 14, 2026, 09:28 AM