local-action-verification
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The script 'scripts/install-act.sh' downloads and executes code from 'https://raw.githubusercontent.com/nektos/act/master/install.sh' by piping 'curl' output directly to 'bash'. The 'nektos' organization is not in the trusted sources list, making this a significant execution risk.
- [COMMAND_EXECUTION] (HIGH): The 'scripts/install-act.sh' script attempts to execute the installation with 'sudo' privileges if available. This allows for unauthorized system-level changes if the environment has passwordless sudo enabled.
- [COMMAND_EXECUTION] (MEDIUM): The 'scripts/run-act.sh' script passes 'ACT_ARGS' directly to a shell command without any sanitization or validation, which could allow an attacker to inject additional flags or commands if they can influence the input.
- [PROMPT_INJECTION] (LOW): The skill creates an indirect prompt injection surface by instructing the agent to follow commands found in 'AGENTS.md' and '.github/workflows/'. 1. Ingestion points: 'AGENTS.md' and workflow files in '.github/workflows/'. 2. Boundary markers: Absent. 3. Capability inventory: Execution of local scripts ('run-act.sh') and the 'act' binary (Docker). 4. Sanitization: None provided for the interpolated arguments.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nektos/act/master/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata