quien-whois-lookup
Fail
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions for Ubuntu and Debian systems explicitly recommend executing a remote shell script with administrative privileges:
curl -fsSL https://apt.quien.dev/install.sh | sudo sh. This is a critical security risk as it allows for the execution of unverified, arbitrary code from an external server directly on the host machine.- [EXTERNAL_DOWNLOADS]: The skill fetches software and configurations from multiple unverified external sources, including a custom APT repository atapt.quien.dev, a Homebrew tap (retlehs/tap), and a Go package from GitHub (github.com/retlehs/quien). None of these sources are associated with established trusted organizations or well-known services.- [COMMAND_EXECUTION]: The skill's primary function is the execution of thequienCLI tool. The documentation provides numerous examples of shell command execution and Go code that utilizesexec.Commandto spawn subprocesses. This capability allows the skill to perform arbitrary system operations via the external binary.- [PROMPT_INJECTION]: The skill performs tech stack detection by fetching and parsing the HTML content of target websites. This ingestion of untrusted external data represents an indirect prompt injection surface. - Ingestion points: Raw HTML, HTTP headers, and WHOIS/RDAP data from external domains processed in
SKILL.md. - Boundary markers: Absent. The instructions do not define delimiters or provide guidance to the agent to ignore instructions embedded in the analyzed data.
- Capability inventory: The skill can execute shell commands and run Go subprocesses as documented in
SKILL.md. - Sanitization: Absent. There is no evidence of HTML sanitization or validation of the remote data before it is presented to the agent.
Recommendations
- AI detected serious security threats
Audit Metadata