generating-memes
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill metadata and documentation specify downloading a binary executable (
meme) from a non-trusted GitHub repository (MemeCrafters). This repository is not on the approved trust list, presenting a risk of supply chain attack. - Evidence:
https://github.com/MemeCrafters/meme-generator-rs/releases/latest/download/meme-generator-cli-linux-x86_64.zipinSKILL.mdmetadata. - [REMOTE_CODE_EXECUTION] (HIGH): The troubleshooting section instructs users to download a binary directly using curl and make it executable, which is a high-risk pattern for executing arbitrary remote code.
- Evidence:
curl -L https://github.com/MemeCrafters/meme-generator-rs/releases/latest/download/meme-x86_64-unknown-linux-gnu -o meme && chmod +x memeinSKILL.mdtroubleshooting. - [COMMAND_EXECUTION] (HIGH): The skill's primary function is to execute a downloaded system binary with user-supplied arguments (images and text), creating a significant attack surface for command injection if inputs are not sanitized.
- Evidence:
meme generate <template> --images <paths> --texts <texts>used throughoutSKILL.mdandreferences/examples.md. - [PRIVILEGE_ESCALATION] (HIGH): The documentation explicitly encourages the use of
sudoto move a downloaded untrusted binary into/usr/local/bin/. - Evidence:
sudo mv meme /usr/local/bin/inSKILL.mdtroubleshooting. - [INDIRECT_PROMPT_INJECTION] (HIGH): The skill processes untrusted user-supplied text and images while possessing the capability to execute system commands.
- Ingestion points: User-provided text strings and file paths for images.
- Boundary markers: None present in the command construction examples.
- Capability inventory: Execution of external binary (
meme) via shell subprocesses. - Sanitization: None mentioned for handling special characters in text or image paths.
Recommendations
- AI detected serious security threats
Audit Metadata