media-analyze
Fail
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The README.md and install.sh promote a highly insecure installation pattern by piping a remote script from an untrusted GitHub repository directly into the shell (curl | bash), allowing for arbitrary command execution.
- [EXTERNAL_DOWNLOADS]: The install.sh script downloads multiple bash scripts and reference files from an external, unverified repository at runtime.
- [COMMAND_EXECUTION]: The skill relies on local shell scripts (scripts/analyze.sh) to generate report templates and manage the analysis workflow.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of processing unfiltered web content from multiple platforms. Ingestion points: The skill ingests data from Toutiao, WeChat, Bing, and Weibo via sub-agents and web fetching (SKILL.md). Boundary markers: There are no delimiters or specific instructions to ignore embedded commands within the fetched content. Capability inventory: The skill can execute local bash scripts and spawn new agent sessions (sessions_spawn). Sanitization: No sanitization or validation of the scraped web content is performed before report generation.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/hwj123hwj/custom-skills/main/media-analyze/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata