but
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to install the GitButler CLI by piping a remote script from https://gitbutler.com/install.sh directly into the shell. This is a high-risk pattern that allows unverified code execution from an external source.
- [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection through its ingestion of untrusted repository data.
  1. Ingestion points: Remote branch and commit data fetched via `but pull`, and local file content processed via `but pr new -F`.
  2. Boundary markers: Absent; the instructions do not specify delimiters to isolate external content.
  3. Capability inventory: Broad command execution permissions including filesystem modification and network operations.
  4. Sanitization: Absent; the skill does not perform validation or filtering of external data before use in command arguments.
Recommendations
- HIGH: Downloads and executes remote code from: https://gitbutler.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata