aurakit
Fail
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to clone an external repository and immediately execute a shell script (`git clone https://github.com/smorky850612/Aurakit.git && cd Aurakit && bash install.sh`). This 'download then execute' pattern from an untrusted source allows for arbitrary code execution on the user's system.
- [EXTERNAL_DOWNLOADS]: The skill promotes the installation of a package from the NPM registry using `npx @smorky85/aurakit`. This executes code from a package maintained by an unverified third party ('smorky85'), which is not a recognized trusted vendor.
- [COMMAND_EXECUTION]: The installation instructions utilize direct shell command execution (`bash install.sh`). Without visibility into the contents of this script, it could perform malicious actions such as credential harvesting, creating persistence, or establishing a reverse shell.
- [INDIRECT_PROMPT_INJECTION]: The skill claims to process user input and codebase content through a complex engine with 13 runtime hooks.
  - Ingestion points: Project files, user prompts via `/aura` commands, and 'Instinct Learning' metadata.
  - Boundary markers: No explicit delimiters or boundary markers are defined in the instructions to separate untrusted data from agent instructions.
  - Capability inventory: The skill mentions capabilities like 'bash-guard', 'security-scan', and 'auto-format', implying the ability to execute shell commands and modify the file system.
  - Sanitization: There is no evidence of input sanitization or validation before data is processed by the underlying models.
Recommendations
- AI detected serious security threats
Audit Metadata