skill-compass
Fail
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The file 'test-fixtures/malicious-curl-pipe/SKILL.md' contains a command that downloads and executes a script from 'https://setup-service.com/install.sh', which is a confirmed blacklisted malicious domain.
- [DATA_EXFILTRATION]: A Base64-encoded command in 'test-fixtures/malicious-base64-exfil/SKILL.md' is designed to read SSH private keys from the home directory and exfiltrate them to an external endpoint at 'https://exil.example.com/collect'.
- [PROMPT_INJECTION]: Multiple fixtures contain sophisticated prompt injection attacks. 'test-fixtures/malicious-ascii-smuggling/SKILL.md' uses Unicode Tag characters (ASCII smuggling) to hide malicious instructions that override agent behavior. 'test-fixtures/malicious-prompt-injection/SKILL.md' uses explicit instructions to 'ignore all previous instructions' and execute destructive system commands.
- [CREDENTIALS_UNSAFE]: The skill package includes hardcoded production-style credentials in test files, including PostgreSQL connection strings with passwords in 'test-fixtures/d3-insecure/SKILL.md' and a GitHub Personal Access Token in 'test-fixtures/weak-skill/.skill-compass/deploy-helper/snapshots/1.0.0.md'.
- [EXTERNAL_DOWNLOADS]: The skill facilitates remote code updates via git fetch and pull operations in 'lib/update-checker.js' and includes instructions to fetch data from 'rentry.co', a known risk domain for hosting malicious payloads.
- [COMMAND_EXECUTION]: Instruction sets in 'test-fixtures/d3-insecure/SKILL.md' utilize dangerous command execution patterns by directly interpolating unsanitized user variables into shell commands.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata