Damage Control
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Remote Code Execution (CRITICAL): The installation workflows and documentation recommend executing remote scripts via piping curl output directly into a shell. Evidence: 'curl -LsSf https://astral.sh/uv/install.sh | sh' and 'curl -fsSL https://bun.sh/install | bash'. These sources are not on the trusted external sources list.
- Prompt Injection (HIGH): The skill includes a test suite that uses 'sentient' and 'autonomous' AI personas to bypass safety filters and execute destructive commands like 'rm -rf' and 'chmod 777'. Evidence: 'test-prompts/sentient.md'.
- Command Execution (HIGH): The installation cookbook executes system commands to create directories, copy files, and modify file permissions. Evidence: 'mkdir -p', 'cp', and 'chmod +x' in 'install_damage_control_ag_workflow.md'.
- Indirect Prompt Injection (HIGH): The skill acts as a security hook for all tool calls, representing a high-privilege attack surface. The LLM-based security reviewer in 'python-settings.json' and 'typescript-settings.json' is vulnerable to injection via the '$ARGUMENTS' parameter if an attacker can influence the tool input.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://bun.sh/install, https://astral.sh/uv/install.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata