skills/flagos-ai/skills/install-stack/Gen Agent Trust Hub

install-stack

Fail

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses https://ghfast.top as a mirror for cloning repositories in scripts/detect_network.py and references/network-mirrors.md. This domain has been identified as malicious by automated scanners and is not a verified or trusted source for code distribution.
  • [COMMAND_EXECUTION]: Several scripts, including scripts/collect_env_info.py and scripts/detect_network.py, use subprocess.run to execute shell commands for system discovery. The SKILL.md also instructs the agent to use docker exec for various installation and configuration tasks.
  • [REMOTE_CODE_EXECUTION]: The skill clones and installs packages from external sources (including an untrusted mirror) using pip install -e ., which allows arbitrary code to execute during installation through setup scripts.
  • [DATA_EXFILTRATION]: The skill collects environment information such as GPU details, glibc versions, and architecture from the container to inform installation logic; the agent then processes this information.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: JSON outputs from discovery scripts and external Git repository content. Boundary markers: Absent. Capability inventory: docker exec, Bash(*), Write. Sanitization: Absent.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 25, 2026, 07:08 AM