crunch-compete
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill's prerequisite installation command (`curl -LsSf https://astral.sh/uv/install.sh | sh`) uses the 'pipe to shell' pattern. This is a high-severity risk as it executes an unverified remote script with the user's local permissions, bypassing package integrity checks. Although intended for the 'uv' tool, the source is not on the trusted whitelist provided in the security skill scope.
- EXTERNAL_DOWNLOADS (LOW): The skill performs multiple external network operations to non-whitelisted domains, including fetching competition content via the GitHub API and downloading datasets via the `crunch download` command. While functional for the skill's purpose, these are unverified external dependencies.
- CREDENTIALS_UNSAFE (LOW): The documentation in `references/competition-setup.md` explicitly suggests storing competition tokens in plaintext at `~/.crunch/.tokens`. This practice exposes sensitive credentials to any other process or AI agent with filesystem access.
- PROMPT_INJECTION (LOW): The skill analyzes external code and documentation fetched at runtime from GitHub, which constitutes an indirect prompt injection surface. An attacker controlling the remote repository could embed instructions to manipulate the agent's analysis or suggestions. Evidence Chain:
  1. Ingestion points: GitHub API content from `crunchdao` repositories
  2. Boundary markers: Absent
  3. Capability inventory: Local testing execution (`crunch test`), package installation (`uv pip`), and submission (`crunch push`)
  4. Sanitization: Absent
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
- AI detected serious security threats