tiangolo-library-skills
Fail
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires fetching the
library-skillspackage from public registries. These are external sources that have not been verified as trusted or well-known entities within the provided security profile.\n- [REMOTE_CODE_EXECUTION]: The instructions direct the agent to runuvx library-skillsornpx library-skills, which downloads code to a temporary environment and executes it immediately. This constitutes remote code execution from an unverified source.\n- [COMMAND_EXECUTION]: The skill executes shell commands to inspect the local development environment, scan dependencies, and modify the file system by creating symbolic links in configuration directories like.agents/and.claude/skills/.\n- [PROMPT_INJECTION]: The skill establishes a mechanism for indirect prompt injection by symlinking instructions from third-party packages into the agent's context. This creates a vulnerability where any installed library can dictate agent behavior through its own embeddedSKILL.mdfile without user review.\n - Ingestion points: The
.agents/and.claude/skills/directories, where the agent is instructed to discover and follow task patterns.\n - Boundary markers: Absent; there are no instructions provided to the agent to treat symlinked content as untrusted or to ignore embedded instructions.\n
- Capability inventory: The agent is granted the capability to read and implement patterns found in arbitrary locations within its library search path via symlinks.\n
- Sanitization: Absent; the utility automatically links discovered skills from any installed dependency without content validation.
Recommendations
- AI detected serious security threats
Audit Metadata