fp-review
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the agent to recommend a piped shell installation command for the fp CLI: 'curl -fsSL https://setup.fp.dev/install.sh | sh -s'. This is a high-risk pattern for executing remote code without verification. Evidence: Found in the Prerequisites section. Severity was downgraded from CRITICAL to HIGH as it relates to the primary skill purpose.
- [COMMAND_EXECUTION] (MEDIUM): The skill directs the agent to execute various system commands, including git/jj operations and Fiberplane CLI commands, which interact with the local file system and environment.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection. It processes untrusted data from git logs and source code which could contain malicious instructions designed to influence the agent's review comments or story generation.
- Ingestion points: git log, jj log, and file contents.
- Boundary markers: Absent.
- Capability inventory: Ability to post comments (fp comment) and create stories (fp story create).
- Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://setup.fp.dev/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata