kuroco-docs
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill performs unverified remote code execution by downloading a shell script and piping it directly to the bash interpreter.
- Evidence:
curl -fsSL https://raw.githubusercontent.com/diverta/kuroco-skills/main/skills/kuroco-docs/scripts/sync-docs.sh | bash -s -- "${CLAUDE_PLUGIN_ROOT}"found inSKILL.md. - Context: While the script is intended for syncing Kuroco documentation, the repository
diverta/kuroco-skillsis not a trusted source, meaning the script could be maliciously modified without the user's knowledge. - EXTERNAL_DOWNLOADS (MEDIUM): The skill downloads both scripts and data files from an external source not identified as a trusted organization.
- COMMAND_EXECUTION (LOW): The skill uses various shell commands (
ls,cat,date,grep) to manage local files and search documentation. - PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it ingests and processes external data (markdown files) that could contain malicious instructions.
- Ingestion points: External markdown files downloaded to
${CLAUDE_PLUGIN_ROOT}/docs/. - Boundary markers: Absent; documentation is read and displayed directly without delimiters or instruction-ignore warnings.
- Capability inventory: The skill possesses file system access, command execution (bash), and network access (curl).
- Sanitization: Absent; there is no validation or sanitization of the content within the downloaded documentation before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/diverta/kuroco-skills/main/skills/kuroco-docs/scripts/sync-docs.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata