auth-setup
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGH - REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides an installation command `curl https://goldsky.com | sh` which executes a script from a remote URL directly in the shell. While the URL belongs to the skill author, this method is a known high-risk pattern.
- [COMMAND_EXECUTION]: The skill executes multiple commands via the `goldsky` CLI tool, including `goldsky login --token`, `goldsky project create`, and `goldsky project users invite` to manage authentication and project settings.
- [EXTERNAL_DOWNLOADS]: The CLI installation process involves downloading an execution script from `goldsky.com`.
- [PROMPT_INJECTION]: The skill requests a sensitive API token from the user and interpolates it into a shell command (`goldsky login --token USER_PROVIDED_TOKEN`). This creates an indirect prompt injection surface where malformed input could lead to unintended command execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://goldsky.com - DO NOT USE without thorough review
Audit Metadata