skills/coleam00/archon/test-release/Gen Agent Trust Hub

test-release

Fail

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill executes a remote installation script by piping curl output directly into bash (e.g., curl -fsSL https://raw.githubusercontent.com/coleam00/Archon/main/scripts/install.sh | bash). This occurs in local macOS contexts and on remote Linux targets.
  • [COMMAND_EXECUTION]: Extensively uses SSH to execute arbitrary commands on remote VPS systems for environment discovery and smoke testing.
  • [COMMAND_EXECUTION]: Utilizes sudo on remote systems during the cleanup phase to remove files from privileged directories such as /usr/local/bin/.
  • [EXTERNAL_DOWNLOADS]: Downloads executable scripts and release artifacts from GitHub repositories. While these resources belong to the software author, the execution of unverified remote code is a significant security risk.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection via manipulated GitHub release tags. Evidence Chain:
      1. Ingestion points: Release version metadata fetched via gh release list.
      2. Boundary markers: Explicit user confirmation required before starting the install/test phase.
      3. Capability inventory: Remote code execution, SSH command execution, file system modification, and privilege escalation via sudo.
      4. Sanitization: Absent for version strings interpolated into shell commands.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/coleam00/Archon/main/scripts/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 23, 2026, 01:34 AM