cruncher-skill
Fail
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill performs piped remote execution by running
curl -LsSf https://astral.sh/uv/install.sh | sh. This pattern is highly dangerous as it executes arbitrary code from a remote, non-trusted source without verification. - PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It is designed to read and process untrusted external content (quickstarter code,
main.py, andSKILL.mdfrom external repositories). Because the agent has the capability to test (crunch test) and submit (crunch push) solutions influenced by this data, an attacker could embed malicious instructions in a repository to trigger unintended command execution or data exfiltration. - EXTERNAL_DOWNLOADS (MEDIUM): The skill installs multiple third-party Python packages (
crunch-cli,crunch-synth,birdgame) and clones external repositories from thecrunchdaoGitHub organization. These are unverifiable dependencies from sources not on the pre-approved trusted list. - COMMAND_EXECUTION (LOW): The skill makes network requests to the GitHub API (
api.github.com) to fetch content. While the domain is trusted, the content is untrusted and feeds into the indirect prompt injection surface.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://astral.sh/uv/install.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata