cyrus-setup-prerequisites
Fail
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses elevated privileges via `sudo` to perform system-level installations and configuration updates.
  - Evidence: `sudo -E bash -`, `sudo apt install -y nodejs`, `sudo apt install -y jq`.
- [REMOTE_CODE_EXECUTION]: On Linux systems, the skill downloads a script from a remote URL and pipes it directly into a shell with root privileges.
  - Evidence: `curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -`.
- [CREDENTIALS_UNSAFE]: The skill references and interacts with a configuration directory (`~/.cyrus/`) and an environment file (`~/.cyrus/.env`). While it instructs the agent to avoid reading secrets into the chat context, the interaction with such files is a sensitive operation.
  - Evidence: `~/.cyrus/.env`, `mkdir -p ~/.cyrus`.
- [EXTERNAL_DOWNLOADS]: The skill fetches and installs several external components, including the `cyrus-ai` and `agent-browser` packages from the NPM registry, as well as system tools from official repositories.
  - Evidence: `npm install -g cyrus-ai`, `npm install -g agent-browser`, `brew install node`.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates user-controlled input (package manager preference) directly into shell commands without validation or sanitization.
  - Ingestion points: Step 1 (User preference for package manager).
  - Boundary markers: Absent.
  - Capability inventory: Shell execution for package installation in Step 4.
  - Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata