baseproject-update
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill downloads files from an untrusted GitHub repository and installs them into .claude/skills/. Because these files contain instructions, and potentially scripts, that the agent executes, this amounts to remote skill/code injection: whoever controls the repository controls what the agent does after the next update.
- EXTERNAL_DOWNLOADS (HIGH): Clones content from https://github.com/AutumnsGrove/BaseProject.git, which is not a trusted source according to the security policy.
- PROMPT_INJECTION (HIGH): This skill is vulnerable to indirect prompt injection.
  - Ingestion points: git clone from AutumnsGrove/BaseProject.git in SKILL.md.
  - Boundary markers: Absent; updated instructions are merged directly into AGENT.md and .claude/skills/.
  - Capability inventory: File system modification, shell command execution, and git operations in SKILL.md.
  - Sanitization: Absent; no validation or filtering of the incoming content.
- COMMAND_EXECUTION (LOW): Uses shell commands for routine maintenance (git, cp, rm). While expected for an update skill, these commands are the vehicle for the more severe risks above.
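The ingestion-point / boundary-marker / sanitization checklist above can be turned into a mechanical pre-install check. What follows is an added example, not the Trust Hub's tooling and not the skill's own code: a small Python heuristic scanner that runs over a constructed SKILL.md resembling the audited pattern, and over a hardened variant that pins the clone to a specific commit, diffs instead of copying into the agent's instruction paths, and delimits fetched text with boundary markers. The sink list, the regexes, both sample texts and the placeholder commit hash are assumptions; the severity downgrade for a pinned clone is this scanner's choice, not the audit's.

```python
"""Heuristic SKILL.md scanner for the audit checklist (ingestion points,
instruction sinks, commit pinning, boundary markers). Added example; not the
Trust Hub's tooling or the audited skill's own code."""
import re
from dataclasses import dataclass

# Paths where copied text becomes agent instructions. Assumed list; extend per agent.
INSTRUCTION_SINKS = (".claude/skills/", "AGENT.md", "CLAUDE.md")

# Ingestion points: commands that pull content from the network.
FETCH_RE = re.compile(r"\b(git\s+clone|curl|wget)\b[^\n]*?(https?://\S+|git@\S+)")
# Only a full 40-hex checkout is treated as an immutable pin (tags and branches can move).
COMMIT_PIN_RE = re.compile(r"\bgit\s+(?:-C\s+\S+\s+)?checkout\s+([0-9a-f]{40})\b")
# Commands that write files; flagged only when an instruction sink appears on the line.
WRITE_CMD_RE = re.compile(r"^\s*(?:\d+\.\s*)?(cp|mv|rsync|tee)\b.*$", re.M)
# Delimiters that tell the agent the enclosed text is data, not instructions.
BOUNDARY_RE = re.compile(r"\b(BEGIN|END)\s+(UNTRUSTED|EXTERNAL)\s+CONTENT\b", re.I)


@dataclass(frozen=True)
class Finding:
    category: str
    severity: str
    detail: str


def scan_skill(text: str) -> list[Finding]:
    """Return audit-style findings for one SKILL.md body."""
    findings: list[Finding] = []
    fetches = FETCH_RE.findall(text)
    pinned = COMMIT_PIN_RE.search(text) is not None
    for cmd, url in fetches:
        findings.append(Finding(
            "EXTERNAL_DOWNLOADS", "LOW" if pinned else "HIGH",
            f"{cmd} {url}" + ("" if pinned else " (not pinned to a commit)")))
    for m in WRITE_CMD_RE.finditer(text):
        line = m.group(0).strip()
        sinks = [s for s in INSTRUCTION_SINKS if s in line]
        if sinks:
            findings.append(Finding(
                "REMOTE_CODE_EXECUTION", "HIGH",
                f"writes into instruction path {', '.join(sinks)}: {line}"))
    if fetches and not BOUNDARY_RE.search(text):
        findings.append(Finding(
            "PROMPT_INJECTION", "HIGH", "fetched content has no boundary markers"))
    return findings


def risk_level(findings: list[Finding]) -> str:
    """Overall level: the worst severity present, NONE if the skill is clean."""
    for level in ("HIGH", "LOW"):
        if any(f.severity == level for f in findings):
            return level
    return "NONE"


# Constructed SKILL.md resembling the audited pattern (hypothetical text, not the real file).
UNPINNED_SKILL = """\
# baseproject-update
1. git clone https://github.com/AutumnsGrove/BaseProject.git /tmp/baseproject
2. cp -r /tmp/baseproject/.claude/skills/ .claude/skills/
3. cp /tmp/baseproject/AGENT.md AGENT.md
4. rm -rf /tmp/baseproject
"""

# Hardened variant: pin to a reviewed commit (placeholder hash), diff instead of copy,
# and delimit anything shown to the agent as untrusted content. Also hypothetical.
PINNED_SKILL = """\
# baseproject-update (hardened)
1. git clone https://github.com/AutumnsGrove/BaseProject.git /tmp/baseproject
2. git -C /tmp/baseproject checkout 0123456789abcdef0123456789abcdef01234567
3. git diff --no-index --stat .claude/skills/ /tmp/baseproject/.claude/skills/
4. Print the diff between BEGIN UNTRUSTED CONTENT and END UNTRUSTED CONTENT
   markers and stop; the user applies changes only after reviewing them.
5. rm -rf /tmp/baseproject
"""

if __name__ == "__main__":
    for name, body in (("unpinned", UNPINNED_SKILL), ("pinned", PINNED_SKILL)):
        found = scan_skill(body)
        print(f"{name}: risk {risk_level(found)}")
        for f in found:
            print(f"  {f.category} ({f.severity}): {f.detail}")
```

The scanner is deliberately coarse: it reports the unpinned sample as HIGH on all three audit categories, and the hardened sample only as a LOW external download, because the clone is still from a repository the policy does not trust. A commit pin removes the "content changes under you" problem but not the trust decision itself, which stays a human review step.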
Recommendations
- AI detected serious security threats
Audit Metadata