fastlike
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads code from a personal GitHub repository (github.com/avidal/fastlike) and an unverified external domain (fastlike.dev) which are not associated with the official vendor organization or the trusted list.
- [COMMAND_EXECUTION]: The instructions require executing shell commands such as 'make build', 'make install', and 'go install' to build and install software from these unverified sources.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of unverified third-party binaries on the local system by instructing the agent and user to run the compiled 'fastlike' executable.
- [PROMPT_INJECTION]: The skill displays misleading metadata by claiming 'fastly' as the author while promoting a non-vendor project as the 'authoritative reference' and instructing the agent to ignore official platform tools like Viceroy. Additionally, the agent is directed to ingest and rely on external source code from an untrusted repository, creating a surface for indirect prompt injection from files that may contain instructions designed to override agent behavior.
Audit Metadata