auth0-quickstart

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The file references/cli.md instructs users to download a shell script from https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh and pipe it directly to the shell (| sh). This constitutes an unverified remote code execution pattern from a source not listed in the Trusted External Sources.
  • [CREDENTIALS_UNSAFE] (HIGH): Instructions in references/cli.md recommend the use of the auth0 apps show <app-id> --reveal command, which explicitly outputs sensitive client secrets in plain text to the terminal and agent context.
  • [COMMAND_EXECUTION] (MEDIUM): The framework detection logic in SKILL.md performs system commands like cat package.json | grep and ls -la | grep. These commands can be influenced by malicious file content or names in the local environment.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill encourages downloading and installing the Auth0 CLI through third-party package managers (Homebrew, Scoop, Chocolatey).
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface (Category 8) identified.
      1. Ingestion: Reading package.json and directory listings.
      2. Boundary markers: Absent.
      3. Capability inventory: System command execution and CLI interaction.
      4. Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 19, 2026, 03:44 PM