remote-bash
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the agent to use npx remote-bash, which downloads and executes a third-party package from the npm registry at runtime. This package is not from a trusted organization or verified source.
- REMOTE_CODE_EXECUTION (HIGH): The core functionality, npx remote-bash <target> -- <command>, allows the agent to execute arbitrary shell commands. This provides a direct path to system compromise if executed in a non-sandboxed environment.
- COMMAND_EXECUTION (HIGH): The skill exposes a raw bash interface to the agent, which can be abused to perform unauthorized file system access or network operations beyond the scope of repository exploration.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it reads and processes data from untrusted GitHub repositories. Evidence: (1) Ingestion points: File content via cat/grep output (File: SKILL.md); (2) Boundary markers: Absent; (3) Capability inventory: npx and bash shell execution; (4) Sanitization: Absent.
Recommendations
- AI detected serious security threats