skillshare
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The runner script
scripts/run.shfacilitates the download and execution of a compiled binary from an untrusted GitHub repository (runkids/skillshare). This allows arbitrary code execution on the host machine. - [EXTERNAL_DOWNLOADS]: The skill documentation and runner script promote the 'curl | sh' pattern, a high-risk method for executing remote code without verification.
- [EXTERNAL_DOWNLOADS]: The
installcommand enables fetching and linking content from arbitrary, unverified third-party Git repositories and URLs, creating a large attack surface for untrusted code injection. - [COMMAND_EXECUTION]: The script
scripts/run.shuses shell commands (curl,tar,chmod,exec) to download, prepare, and run software directly from the internet. - [PROMPT_INJECTION]: The skill exposes AI tools to indirect prompt injection by syncing unverified remote content into their active skill directories.
- Ingestion points: Remote Git repositories via
references/install.md. - Boundary markers: None specified for the content of the linked skills.
- Capability inventory: Modifies sensitive AI tool configuration directories (e.g.,
~/.claude/skills). - Sanitization: Includes a security auditor mentioned in
references/audit.md, though its effectiveness is unverified against the core runner script.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/runkids/skillshare/main/skills/skillshare/scripts/run.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata