setup
Fail
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill fetches and executes an installation script directly from the vendor's GitHub repository (CaseMark/homebrew-casedev) using the curl | sh pattern.
- [EXTERNAL_DOWNLOADS]: Installation of the casedev CLI is performed via Homebrew or by downloading a shell script from the author's official remote repository.
- [COMMAND_EXECUTION]: The agent executes various shell commands through the casedev CLI to manage document vaults, OCR, and authentication.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests data from external API responses. (1) Ingestion points: Untrusted data enters the agent context via output from casedev jobs list, casedev routes list, and casedev api calls. (2) Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the skill definition. (3) Capability inventory: The skill possesses the capability to execute subprocesses and perform state-changing API operations through the CLI. (4) Sanitization: No evidence of output sanitization or validation was found for data returned by the CLI tools.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/CaseMark/homebrew-casedev/main/install.sh - DO NOT USE without thorough review
Audit Metadata