system-setup
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill frequently executes a local bash script (
assets/system-check.sh) to perform platform detection and dependency validation. - [EXTERNAL_DOWNLOADS]: The 'automated' mode is explicitly designed to download and install external software packages (Python, CMake, JUCE, etc.) to the local system.
- [REMOTE_CODE_EXECUTION]: Automating the installation of third-party dependencies involves the execution of external installers and scripts, which constitutes remote code execution on the host environment.
- [PRIVILEGE_ESCALATION]: The skill's error handling documentation mentions offering 'sudo' as a recovery path for installation failures, indicating it may attempt to acquire root-level permissions.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data which presents an attack surface.
- Ingestion points: Reads existing configuration from
.claude/system-config.jsonand processes outputs from thesystem-check.shscript. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing the configuration file.
- Capability inventory: The skill has access to
Bash,Read,Write, andEdittools, allowing for system-level changes and file modifications. - Sanitization: There is no evidence of sanitization or validation logic for the data read from the configuration file before it is used to influence the setup flow.
Audit Metadata