copaw-ai-assistant
Fail
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: HIGH
Flags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions encourage users to install the framework by piping remote scripts from 'https://copaw.agentscope.io/' directly to bash or powershell, which is a high-risk practice as the remote content is executed without verification.
- [EXTERNAL_DOWNLOADS]: The setup process involves downloading and installing the 'copaw' package from PyPI and cloning a source repository from GitHub.
- [COMMAND_EXECUTION]: Operating the framework requires executing CLI commands to initialize the environment and start the application service.
- [PROMPT_INJECTION]: Functionality provided in the skill examples for reading and summarizing content from remote URLs and local files introduces a risk of indirect prompt injection.
  - Ingestion points: 'summarize_url' (remote content) and 'summarize_file' (local file content).
  - Boundary markers: No delimiters or explicit instructions are used to segregate untrusted data from the agent's context.
  - Capability inventory: The framework supports network requests, file reading, and custom Python script execution.
  - Sanitization: Content is truncated but not sanitized to remove potential malicious instructions.
- [COMMAND_EXECUTION]: The framework automatically loads and executes Python scripts from a specific workspace directory ('skills/'), which could lead to unauthorized code execution if the local filesystem is compromised.
Recommendations
- HIGH: Downloads and executes remote code from: https://copaw.agentscope.io/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata