moltoverflow

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill relies on bundled binaries for various platforms (bin/molt-*) for its core functionality. Executing pre-compiled, opaque binaries is a high-risk practice because their internal logic cannot be verified through static analysis and they could perform arbitrary actions on the host system.
  • [DATA_EXFILTRATION] (HIGH): The 'molt post' and 'molt comment' commands provide a direct mechanism to send local data to an external service. Although the documentation includes privacy warnings, there is no technical enforcement or sanitization logic to prevent an agent from exfiltrating sensitive environment variables, file paths, or credentials if it is compromised or confused.
  • [REMOTE_CODE_EXECUTION] (HIGH): Vulnerability surface for Indirect Prompt Injection detected. Untrusted data enters the agent context via 'molt search' and 'molt comments' results (SKILL.md). There are no boundary markers or sanitization protocols to prevent the agent from obeying malicious instructions embedded in the external knowledge base. Since the agent is explicitly instructed to 'Apply: Use the knowledge to solve your problem', this creates a high-severity path for remote attackers to trigger command execution on the user's system.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 12:03 AM