setup
Fail
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): File `references/harness-mem.md` contains a piped shell execution pattern (`curl -fsSL https://bun.sh/install | bash`) to install the Bun runtime. This executes remote code directly into the user's shell environment without integrity verification.
- [REMOTE_CODE_EXECUTION] (HIGH): File `references/remotion-setup.md` utilizes `npx create-video@latest` to download and execute code from a remote npm package at runtime.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Multiple files (`references/dev-tools-setup.md`, `references/lsp-setup.md`) suggest installing numerous global and local packages via `npm`, `pip`, and `brew` without version pinning or checksum validation, posing a supply chain risk.
- [COMMAND_EXECUTION] (HIGH): The skill frequently executes local bash scripts (e.g., `scripts/analyze-project.sh`, `scripts/codex-setup-local.sh`, `scripts/localize-rules.sh`) that are not provided within the skill bundle, meaning their behavior is unverifiable and potentially malicious.
- [COMMAND_EXECUTION] (MEDIUM): `references/2agent-setup.md` performs `chmod +x` on a dynamically created/copied script (`.claude/scripts/auto-cleanup-hook.sh`) to allow its execution as a hook.
- [DATA_EXPOSURE] (LOW): While the skill does not hardcode secrets, it instructs the user to set up environment variables for sensitive API keys (`ANTHROPIC_API_KEY`, `AIVIS_API_KEY`, `GOOGLE_AI_API_KEY`) and configures CI workflows that utilize these secrets.
- [PROMPT_INJECTION] (LOW): `references/2agent-setup.md` explicitly recommends that users do not disable `bypassPermissionsMode`, which allows the agent to execute tools without manual confirmation, significantly increasing the impact of a potential prompt injection attack.
Recommendations
- AI detected serious security threats