datasheet-intelligence
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Remote Code Execution (CRITICAL): Piped remote execution pattern detected in
SKILL.mdandreferences/execution-options.md. The instructioncurl -LsSf https://astral.sh/uv/install.sh | shdownloads and executes a shell script from an untrusted external source (astral.sh) directly into the command interpreter without verification. - Data Exfiltration (HIGH): The script
scripts/read_docs.pycontains a path traversal vulnerability in theresolve_doc_pathfunction. It explicitly checks if the input is a file and returns the resolved path without restricting it to theknowledge-dir. This allows an attacker to read arbitrary files from the filesystem (e.g.,scripts/read_docs.py ~/.ssh/id_rsa). - Prompt Injection (LOW): The skill exhibits an Indirect Prompt Injection surface by processing external, potentially untrusted hardware datasheets.
- Ingestion points:
scripts/ingest_docs.py(processes PDF, DOCX, HTML, Markdown, XLSX/CSV). - Boundary markers: Absent; the content is normalized and stored without markers to separate data from instructions.
- Capability inventory: Command execution via
uv run, file reading, and searching. - Sanitization: Absent; no sanitization or escaping is performed on the ingested content.
- Command Execution (MEDIUM): The script
scripts/search_docs.pyallows the use of arbitrary regular expressions via the--regexflag. Maliciously crafted regex patterns could be used to perform Regular Expression Denial of Service (ReDoS) against the agent's environment.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata