club-3090-llm-serving

Warn

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires cloning an external GitHub repository https://github.com/noonghunna/club-3090.git to access its core functionality and configuration files.
  • [REMOTE_CODE_EXECUTION]: Instructions direct the user to execute multiple shell scripts downloaded from the external repository, including scripts/setup.sh, scripts/launch.sh, and scripts/switch.sh. These scripts are executed with high privileges relative to the host environment and can perform arbitrary actions.
  • [COMMAND_EXECUTION]: The skill heavily utilizes the bash interpreter to run several utility and setup scripts. This reliance on external shell scripts for environment management increases the attack surface.
  • [PROMPT_INJECTION]: The provided Python example for long-context processing reads content from a local file (large_codebase.txt) and interpolates it directly into the model prompt without using boundary markers, escaping, or sanitization. This establishes a surface for indirect prompt injection if the ingested file contains adversarial instructions.
    • Ingestion points: large_codebase.txt read via Python's open().read()
    • Boundary markers: Absent (direct string interpolation)
    • Capability inventory: Shell script execution (bash), Docker management
    • Sanitization: Absent
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 2, 2026, 12:53 AM