remix-mcp-quickstart
Fail
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to execute a remote script using `curl -fsSL https://remix.gg/install.sh | bash`. This method bypasses local verification and executes arbitrary code from a remote server, which is a high-risk operation.
- [CREDENTIALS_UNSAFE]: Authentication relies on reading sensitive data from the user's home directory at `~/.config/remix/credentials.json` and the `REMIX_API_KEY` environment variable. Directing an agent to interact with plaintext credential files increases the risk of exposure.
- [COMMAND_EXECUTION]: Multiple shell commands are utilized for tool operation and setup, including `npx`, which dynamically downloads and executes the `@remix-gg/mcp` package from the NPM registry.
- [EXTERNAL_DOWNLOADS]: The skill initiates downloads from external domains, specifically `remix.gg`, which is not identified as a trusted or well-known service in the provided context.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Ingestion points: `.remix-settings.json` is read at runtime. Boundary markers: none are used to separate untrusted data from instructions. Capability inventory: the skill executes CLI commands and makes API calls. Sanitization: no validation of the JSON content is performed, allowing malicious project files to influence agent logic.
Recommendations
- HIGH: Downloads and executes remote code from: https://remix.gg/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata