slot-deploy
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [Remote Code Execution] (CRITICAL): The skill installs the Slot CLI by piping a remote script straight into a shell (`curl -L https://slot.cartridge.sh | bash`). The script runs with the calling user's privileges from an unverified source: there is no checksum or signature check, no pinned version, and no opportunity to inspect the script before it executes. Because `curl -L` follows redirects, the code that actually runs is whatever the end of the redirect chain serves at install time.
- [Indirect Prompt Injection] (HIGH): The skill processes external configuration data, so instructions embedded in that data can reach the agent and influence the commands it runs.
  * Ingestion points: Reads configuration from `torii.toml` via the `--config` flag.
  * Boundary markers: None present in the prompt instructions.
  * Capability inventory: Executes shell commands (`slot deployments create/update`) that use the provided configuration.
  * Sanitization: None documented; the agent passes file contents directly to shell-executed tools.
- [External Downloads] (MEDIUM): The installation process fetches resources from `cartridge.sh`, which is not a verified trusted domain. A compromise of that domain, or of the path to it, becomes a supply-chain compromise of every install performed by the skill.
- [Command Execution] (MEDIUM): The skill dynamically constructs shell commands from user-provided strings such as `<Project Name>`. If the string is interpolated into a shell command line without validation or quoting, shell metacharacters in it (`;`, `$( )`, backticks) are interpreted before the CLI ever sees its arguments, so sanitization inside the underlying CLI cannot prevent the injection.
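The install and deploy steps criticised above, rewritten in a hardened form. This is an added example and not the skill's own code nor Cartridge's: the installer is downloaded to a file, compared against a checksum obtained out of band, and only then executed; the project name is validated against a conservative charset and passed to the CLI as a single argument rather than spliced into a command string. The expected-checksum input, the `--config` usage and the exact `slot deployments create` argument order are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a hardened stand-in for `curl -L https://slot.cartridge.sh | bash`
# and for handing <Project Name> to `slot deployments create`. Not the skill's
# own code. The expected checksum, the --config usage and the slot CLI argument
# order are assumptions for illustration.
set -eu

# Portable SHA-256 of a file (GNU coreutils or macOS/BSD shasum).
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Download to a file; never pipe the response into a shell. --proto '=https'
# refuses redirects to plain http, -f turns HTTP errors into a failed download.
fetch_installer() {
  url=$1; out=$2
  curl -fsSL --proto '=https' --tlsv1.2 -o "$out" "$url"
}

# Compare against a checksum recorded out of band (release notes, version
# control), not one served by the same host; a swapped script is rejected.
verify_sha256() {
  file=$1; expected=$2
  actual=$(file_sha256 "$file")
  [ "$actual" = "$expected" ]
}

# Allow only a conservative project-name charset before the name reaches any
# command: rejects '; rm -rf /', '$(id)', backticks, spaces and a leading '-'.
valid_project_name() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9][a-z0-9-]{0,62}$'
}

# Install: fetch, verify, then execute from the file. Pass the checksum you
# recorded for the installer version you reviewed (assumed input).
install_slot() {
  expected=$1
  tmp=$(mktemp)
  fetch_installer 'https://slot.cartridge.sh' "$tmp"
  if ! verify_sha256 "$tmp" "$expected"; then
    echo "installer checksum mismatch; refusing to run it" >&2
    rm -f "$tmp"; return 1
  fi
  bash "$tmp"          # runs only after the hash matched
  rm -f "$tmp"
}

# Deploy: the validated name is one argv word; no eval, no string splicing.
# Argument layout after the project name is an assumption.
deploy_project() {
  project=$1; config=$2
  if ! valid_project_name "$project"; then
    echo "rejected project name: $project" >&2; return 1
  fi
  slot deployments create "$project" torii --config "$config"
}

# Nothing runs automatically; call install_slot <sha256> and
# deploy_project <name> torii.toml from a reviewed script.
```

The checksum step only helps if the expected value comes from somewhere the installer's host cannot rewrite; a hash published next to the script adds nothing. Even after verification the vendor's script still runs with the user's privileges, so the gain is pinning and the chance to read the file first, not trust in the source.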
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://slot.cartridge.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata