solodit
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill documentation and automated scans confirm an unsafe installation pattern where a remote script from an untrusted GitHub repository is piped directly into the bash shell (curl ... | bash). This execution model allows for arbitrary command execution on the host system.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill is configured to execute using 'npx -y BowTiedSwan/solodit-api-skill', which downloads and runs code from the npm registry at runtime. As the author is not on the trusted list, this poses a risk of supply chain attacks or malicious code updates.
- [COMMAND_EXECUTION] (MEDIUM): The 'install.sh' script performs directory creation and file writes within the user's home directory, specifically targeting configuration paths for AI tools like Claude and OpenCode.
- [PROMPT_INJECTION] (LOW): This skill represents a surface for indirect prompt injection (Category 8) because it retrieves vulnerability data from an external API (solodit.cyfrin.io) and presents it to the agent. Evidence: (1) Ingestion point: Tools 'search_vulnerabilities' and 'get_finding'; (2) Boundary markers: None identified in SKILL.md; (3) Capability inventory: Skill allows network data retrieval and agent tool use; (4) Sanitization: No sanitization of API-provided markdown is mentioned in the configuration.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/BowTiedSwan/solodit-api-skill/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats