proto
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL; REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill documentation includes installation commands that pipe a script from an unverified third-party source (moonrepo.dev) directly into the bash shell, enabling potential system compromise.
- EXTERNAL_DOWNLOADS (HIGH): The tool downloads and executes WASM plugins and language binaries from arbitrary URLs specified in configuration files, lacking cryptographic verification of sources.
- PROMPT_INJECTION (HIGH): The skill is susceptible to indirect prompt injection as it automatically reads and acts upon .prototools files found in project directories. Attackers can use these files to define malicious plugin sources that the tool will download and execute when invoked by the agent.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://moonrepo.dev/install/proto.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata