afs
Fail
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's documentation recommends installation via a shell script downloaded from a remote GitHub repository and piped directly to the shell (
curl -fsSL https://raw.githubusercontent.com/geekjourneyx/agent-fs/main/scripts/install.sh | bash).- [EXTERNAL_DOWNLOADS]: The skill references and downloads an installation script from an external repository managed by the author (github.com/geekjourneyx/agent-fs).- [COMMAND_EXECUTION]: The skill facilitates the execution of its own CLI tool (afs) for local file operations and cloud storage management.- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by allowing the agent to read and process untrusted local files and log data. - Ingestion points: Ingests external content via
afs local readandafs cloud download. - Boundary markers: The instructions do not specify any delimiters or boundary markers to separate file data from agent instructions.
- Capability inventory: Includes local file access (read/write/zip/unzip), cloud storage operations (upload/download/list), and configuration management.
- Sanitization: No sanitization or escaping of ingested data is described in the skill's logic.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/geekjourneyx/agent-fs/main/scripts/install.sh - DO NOT USE without thorough review
Audit Metadata