ru
Fail
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The application dynamically sources a configuration file (.ru/agent-sweep.conf) from the repository currently being processed. This allows a repository to execute arbitrary shell code on the host machine when maintenance tasks are performed.
- [PROMPT_INJECTION]: The AGENTS.md file contains a RULE 0 directive that instructs AI agents to override their standard behavior and follow the user's instructions unconditionally, which is a pattern used to bypass agent constraints.
- [EXTERNAL_DOWNLOADS]: The installation process fetches and executes scripts directly from remote GitHub repositories using the curl | bash pattern. These downloads originate from the author's own repositories.
- [COMMAND_EXECUTION]: The installer script utilizes sudo for system-wide installations to copy files and modify permissions in /usr/local/bin.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/.../install.sh, https://raw.githubusercontent.com/Dicklesworthstone/repo_updater/main/install.sh?ru_cb=$(date - DO NOT USE without thorough review
Audit Metadata