adk-scaffold
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to install the 'uv' package manager by piping a remote script to the shell: `curl -LsSf https://astral.sh/uv/install.sh | sh`. While the source is a well-known service (Astral), this pattern bypasses integrity checks and executes remote code directly.
- [EXTERNAL_DOWNLOADS]: The skill makes extensive use of `uvx` to download and run the `agent-starter-pack` tool from external registries at runtime.
- [COMMAND_EXECUTION]: The core functionality involves executing shell commands to generate project structures, manage directories, and configure infrastructure.
- [PROMPT_INJECTION]:
  1. Deceptive Metadata: The skill's YAML frontmatter claims the author is 'Google', which contradicts the identified skill provider 'eliasecchig'. This is a form of metadata poisoning intended to misrepresent the skill's origin and authority.
  2. Indirect Injection Surface: The skill ingests untrusted user requirements to generate code and CLI flags. Evidence: Ingestion (user answers in Step 1), Boundary markers (absent), Capability inventory (shell execution via uvx), Sanitization (none specified). This creates a surface where malicious user input could manipulate generated commands or configuration files.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata