fp-implement
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Remote Code Execution (CRITICAL): The skill contains a pattern that pipes a remote script directly to the shell for execution:
curl -fsSL https://setup.fp.dev/install.sh | sh -s. This is an extremely dangerous pattern as it allows an unverified third-party server to execute any command on the host system without inspection. - External Downloads (HIGH): The skill relies on an external domain (
fp.dev) that is not part of the trusted organizations list. This increases the risk of supply chain attacks or domain hijacking leading to malicious code delivery. - Indirect Prompt Injection (LOW):
- Ingestion points: The skill ingests untrusted data from issue descriptions, comments, and project trees using commands like
fp context,fp log, andfp tree. - Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the issue data being processed.
- Capability inventory: The agent has the ability to execute CLI commands, modify issue statuses, and potentially commit changes to a version control system.
- Sanitization: The skill lacks any visible sanitization or validation of the data retrieved from external issue trackers before processing it.
Recommendations
- HIGH: Downloads and executes remote code from: https://setup.fp.dev/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata