karpathytalk-community
Fail
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions clone a repository from an external source (github.com/karpathy/KarpathyTalk.git), compile the source with go build, and execute the resulting binary. This runs unverified third-party code on the host.
- [PROMPT_INJECTION]: The 'Embedding KarpathyTalk Content in an LLM Prompt' section provides code that fetches markdown content from a public API and inserts it into a system prompt. This creates a surface for indirect prompt injection: anyone who can post on the platform could include instructions designed to hijack the agent that processes those posts.
- [COMMAND_EXECUTION]: The skill uses a range of shell commands for setup, deployment, and management, including environment variable exports, binary execution, and direct access to the SQLite database through the sqlite3 command-line tool.
Recommendations
- AI detected serious security threats