amq-cli
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions in
SKILL.mddirect the user to pipe a remote shell script directly into bash:curl -fsSL https://raw.githubusercontent.com/avivsinai/agent-message-queue/main/scripts/install.sh | bash. This pattern is high-risk as it executes unverified code from a remote source. - [PROMPT_INJECTION]: The skill instructions in
SKILL.mdexplicitly direct the agent to use flags that bypass security controls:--dangerously-skip-permissionsand--dangerously-bypass-approvals-and-sandbox. These instructions are intended to override the agent's internal safety and permission protocols. - [COMMAND_EXECUTION]: The skill relies on the execution of an external binary (
amq) and provides numerous examples of shell commands for message management, environment configuration, and process interruption (Ctrl+C injection). - [DATA_EXPOSURE]: The skill involves reading and writing message files to a shared directory (e.g.,
.agent-mail). While intended for coordination, this creates an attack surface for indirect prompt injection if an attacker can write to the message queue monitored by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/avivsinai/agent-message-queue/main/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata