ibm-cloud
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The file 'SKILL.md' includes the command 'curl -fsSL https://clis.cloud.ibm.com/install/osx | sh', which executes a remote script directly in the shell without verification. This is a primary RCE vector. The domain 'clis.cloud.ibm.com' is not listed as a trusted source.
- EXTERNAL_DOWNLOADS (HIGH): The skill documentation encourages installing the IBM Cloud CLI and various plugins from remote sources without providing integrity verification such as SHA-256 hashes or specific version pinning, which leaves the installation vulnerable to supply chain attacks.
- COMMAND_EXECUTION (LOW): The skill's primary function involves executing system commands via the 'ibmcloud' CLI to manage cloud infrastructure, which requires local privileges.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection as it reacts to untrusted user input (mentions of cloud service names) to trigger automation workflows.
  [1] Ingestion points: 'SKILL.md' (mentions in frontmatter and description).
  [2] Boundary markers: Absent.
  [3] Capability inventory: Subprocess calls to 'ibmcloud' and 'curl'.
  [4] Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://clis.cloud.ibm.com/install/osx - DO NOT USE without thorough review
- AI detected serious security threats