second-opinion
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script 'scripts/refresh-binaries-from-release.sh' downloads platform-specific executable binaries from GitHub releases using the 'gh' command-line tool.
- [REMOTE_CODE_EXECUTION]: The skill's primary functionality relies on executing downloaded binaries that are not provided in source form within the skill and are run without any verification.
- [COMMAND_EXECUTION]: The scripts 'scripts/build-release-binary.sh' and 'scripts/refresh-binaries-from-release.sh' perform sensitive system operations including changing file permissions ('chmod +x') on downloaded executable content.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted user input via the 'ask' command and passes it to Grok AI without visible sanitization or boundary markers.
  - Ingestion points: 'scripts/second-opinion' (via command line arguments).
  - Boundary markers: None identified.
  - Capability inventory: Binary execution and network communication via a local WebSocket server.
  - Sanitization: None identified.