Art
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The setup instructions include `curl -fsSL https://bun.sh/install | bash`. This pattern is a critical security risk as it executes a remote script with full shell privileges without any integrity verification. Since the source domain `bun.sh` is not within the defined trusted scope, this finding retains the highest severity.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill requires downloading and installing an external runtime (Bun) from a third-party source at runtime, which is not version-pinned or verified.
- [CREDENTIALS_UNSAFE] (LOW): The documentation requests the user to set several environment variables for sensitive API keys (GOOGLE_API_KEY, REPLICATE_API_TOKEN, OPENAI_API_KEY). While these are required for operation, the presence of a remote execution vector increases the risk that these secrets could be harvested.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill ingests untrusted text via the `--prompt` flag to generate visual content.
  - Ingestion points: User-provided strings via the CLI `--prompt` flag in `SKILL.md`.
  - Boundary markers: None identified; prompts are interpolated directly into the tool execution.
  - Capability inventory: The skill performs network operations to external AI model APIs and writes files to the local filesystem (`~/Downloads/`).
  - Sanitization: No evidence of prompt sanitization or escaping is provided in the documentation.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://bun.sh/install - DO NOT USE
- AI detected serious security threats
Audit Metadata