motion-agent
Fail
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides a command to download and immediately execute a script from a remote server: `curl -sL "http://api.motion.dev/registry/skills/motion-audit?token=YOUR_TOKEN" | bash`. This pattern bypasses security reviews and allows for arbitrary code execution on the user's system.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install and execute software from untrusted remote URLs instead of official package registries:
  - Installing `motion-plus` from a direct `.tgz` link: `https://api.motion.dev/registry.tgz?package=motion-plus&version=2.8.0&token=YOUR_AUTH_TOKEN`.
  - Executing `motion-studio-mcp` using `npx` with a remote `.tgz` source: `https://api.motion.dev/registry.tgz?package=motion-studio-mcp&version=latest`.
- [COMMAND_EXECUTION]: The skill includes several instructions to run shell commands that modify the local environment or perform audits, such as `npm install`, `npx motionscore`, and `curl | bash` in `SKILL.md`.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection by processing external URLs through the `motionscore` utility.
  - Ingestion points: The `npx motionscore <url>` command in `SKILL.md` allows the agent to process data from arbitrary websites.
  - Boundary markers: No delimiters or instructions to ignore embedded content are provided.
  - Capability inventory: Subprocess execution via `npm`, `yarn`, `pnpm`, `curl`, and `npx` in `SKILL.md`.
  - Sanitization: There is no validation or sanitization mentioned for the input URL before it is passed to the command line utility.
Recommendations
- HIGH: Downloads and executes remote code from: http://api.motion.dev/registry/skills/motion-audit?token=YOUR_TOKEN - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata