agent-installer
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches agent definitions from a third-party GitHub repository (VoltAgent/awesome-claude-code-subagents). These files are saved to the user's agent directory (~/.claude/agents/), allowing them to be loaded and executed by the AI system.
- [COMMAND_EXECUTION]: Uses curl and shell commands to create directories and save files to ~/.claude/agents/. This grants the skill write access to sensitive configuration paths.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection. The skill processes untrusted text from a remote repository's README and agent files without sanitization.
  - Ingestion points: GitHub API and raw file downloads.
  - Boundary markers: None present.
  - Capability inventory: curl, shell-based file writing to ~/.claude/agents/.
  - Sanitization: None; instructions explicitly state to preserve exact file content.
Audit Metadata