environment-setup-assistant
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches installation scripts and binaries from official and well-known repositories, including Homebrew (GitHub), NVM (GitHub), Pyenv (pyenv.run), Microsoft (VS Code), and GitLab. These sources are established and trusted within the developer community.
- [REMOTE_CODE_EXECUTION]: The skill generates and recommends the 'pipe to shell' pattern (e.g., curl | bash) for installing core tools like Homebrew, NVM, and Pyenv. While the targets are trusted, this execution method is noted for its inherent reliance on the integrity of the remote source and transport security.
- [COMMAND_EXECUTION]: The generated scripts frequently utilize sudo for system-level tasks such as installing packages via apt-get on Linux or modifying /etc/apt/keyrings/. This privilege escalation is appropriate and expected given the skill's purpose of system configuration.
- [COMMAND_EXECUTION]: The skill provides automated routines to modify shell profile files (~/.bashrc, ~/.zshrc, ~/.zprofile) to persist environment variables like PATH, PYENV_ROOT, and NVM_DIR. This is standard practice for the version managers being installed.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection vulnerability surface:
  - Ingestion points: In Scenario 2, the skill is designed to analyze local project files such as package.json and requirements.txt to determine setup requirements.
  - Boundary markers: There are no explicit markers or instructions to the agent to disregard potentially malicious instructions embedded within the metadata or content of these external files.
  - Capability inventory: The skill produces executable code with significant system capabilities, including broad file system access, network operations, and privilege escalation via sudo across multiple scripts (setup_docker.sh, setup_nodejs.sh, setup_python.sh).
  - Sanitization: The skill does not demonstrate mechanisms to sanitize or validate data extracted from analyzed project files before incorporating it into the generated shell scripts.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh - DO NOT USE without thorough review