environment-setup-guide
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches setup scripts from well-known technology providers and pipes them straight into a shell. The provider's reputation does not change the risk profile: whatever the remote host serves at run time is executed, with no pinning to a version, no checksum or signature check, and no review step in between.
- Evidence: Downloads and pipes scripts from 'raw.githubusercontent.com/Homebrew/install', 'deb.nodesource.com', and 'get.docker.com' into shell interpreters (SKILL.md).
- [COMMAND_EXECUTION]: Requires administrative privileges and modifies shell environments for setup tasks.
- Evidence: Utilizes 'sudo' for package management with 'apt' and 'sh', and service control with 'systemctl' (SKILL.md).
- Evidence: Modifies shell configuration files like '~/.bashrc' and '~/.zshrc' to update the system PATH (SKILL.md).
- [PROMPT_INJECTION]: Contains a surface for indirect prompt injection through external file processing.
- Ingestion points: Reads project manifest data from 'requirements.txt' and '.env.example' during setup steps (SKILL.md). These files come from the repository being set up, not from the user, so their contents are untrusted input.
- Boundary markers: No delimiters or other markers are used to separate file contents from the skill's own instructions, so text inside a manifest is not distinguishable from an instruction.
- Capability inventory: The skill uses subprocess calls for package managers ('npm', 'pip', 'brew') and shell execution (SKILL.md), which is what an injected instruction could reach.
- Sanitization: No validation or sanitization of project manifest content is implemented.
- [EXTERNAL_DOWNLOADS]: Downloads binaries and installers from well-known repositories.
- Evidence: References downloads from 'community.chocolatey.org' and 'nodejs.org' (SKILL.md).
Recommendations
- HIGH: Downloads and executes remote code from https://get.docker.com (the same pattern applies to the Homebrew and NodeSource scripts cited in the evidence). DO NOT USE without thorough review.
<gr_replace>
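The findings above are the kind a reviewer can reproduce mechanically before deciding whether to trust a skill. The following scanner is an added example, not part of this audit, the Gen Agent Trust Hub, or the environment-setup-guide skill: it runs a small rule set over a constructed SKILL.md-like sample (not the real file) and reports pipe-to-shell downloads, 'sudo' use, rc-file PATH edits and manifest ingestion. The rule names, the sample text and the risk-level mapping are this example's own assumptions, chosen to mirror the audit's categories.

```python
"""Static scanner for the shell-execution patterns flagged in the audit.

Added example; not the auditor's or the skill's own code. SKILL_MD is a
constructed sample that resembles the quoted evidence, and the rule labels
and risk-level mapping are assumptions made for this example.
"""
import re
from dataclasses import dataclass

# Constructed sample resembling the evidence in the audit (not the real file).
SKILL_MD = """\
Install Homebrew:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Install Node:
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
sudo apt install -y nodejs
Install Docker:
curl -fsSL https://get.docker.com | sh
sudo systemctl enable docker
echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc
pip install -r requirements.txt
cp .env.example .env
"""


@dataclass(frozen=True)
class Finding:
    category: str   # rule label (assumed names mirroring the audit)
    line_no: int    # 1-based line in the scanned text
    text: str       # the offending line, stripped


# (category, pattern). A line may match more than one rule.
RULES = [
    # curl/wget output piped into a shell, or  bash -c "$(curl ...)"
    ("REMOTE_CODE_EXECUTION", re.compile(
        r'\b(curl|wget)\b[^|]*\|\s*(sudo\s+(-\S+\s+)*)?(ba|z|da)?sh\b'
        r'|(ba|z|da)?sh\s+-c\s+"\$\(\s*(curl|wget)\b')),
    # privilege escalation for package or service management
    ("COMMAND_EXECUTION", re.compile(r'\bsudo\b')),
    # appending to a shell startup file (PATH edits persist across sessions)
    ("SHELL_RC_MODIFICATION", re.compile(
        r'>>\s*\S*\.(bashrc|zshrc|profile|bash_profile)\b')),
    # project manifests read from the repo without a trust boundary
    ("MANIFEST_INGESTION", re.compile(
        r'(?<!\S)(requirements\.txt|\.env\.example|package\.json)(?!\S)')),
]


def scan(text: str) -> list:
    """Return one Finding per (rule, line) match, in document order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for category, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(category, line_no, line.strip()))
    return findings


def categories(findings) -> list:
    """Distinct rule labels hit, sorted."""
    return sorted({f.category for f in findings})


def remote_exec_sources(findings) -> list:
    """Hostnames whose content is piped into a shell, first-seen order."""
    hosts = []
    for f in findings:
        if f.category != "REMOTE_CODE_EXECUTION":
            continue
        m = re.search(r'https?://([^/\s"\')]+)', f.text)
        if m and m.group(1) not in hosts:
            hosts.append(m.group(1))
    return hosts


def risk_level(findings) -> str:
    """Assumed mapping: any pipe-to-shell download is HIGH, as in the audit."""
    cats = {f.category for f in findings}
    if "REMOTE_CODE_EXECUTION" in cats:
        return "HIGH"
    if cats & {"COMMAND_EXECUTION", "SHELL_RC_MODIFICATION"}:
        return "MEDIUM"
    return "LOW" if cats else "NONE"


if __name__ == "__main__":
    results = scan(SKILL_MD)
    print("Risk Level:", risk_level(results))
    print("Categories:", ", ".join(categories(results)))
    print("Remote code sources:", ", ".join(remote_exec_sources(results)))
    for f in results:
        print(f"  [{f.category}] line {f.line_no}: {f.text}")
```

The scanner is deliberately line-based and pattern-driven: it cannot tell what a fetched script would do, only that something fetched at run time is executed without a review step. That is the same limitation the audit works under, and the reason the recommendation is to review the remote scripts themselves rather than rely on the reputation of the host.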
Audit Metadata