perl-environment-setup

Fail

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs users to pipe a remote script directly into the bash shell using curl -L https://install.perlbrew.pl | bash. This pattern is a critical security risk as it executes unverified code from an external source.
  • [COMMAND_EXECUTION]: The skill implements persistence mechanisms by modifying shell profile files (~/.bashrc, ~/.zshrc, and ~/.config/fish/config.fish) to automatically source external scripts or evaluate tool initializations like eval "$(plenv init -)" in every new session.
  • [COMMAND_EXECUTION]: The instructions include the use of sudo to install system-level dependencies, which involves privilege escalation.
  • [EXTERNAL_DOWNLOADS]: The skill downloads software and configuration files from non-whitelisted external sources, including install.perlbrew.pl and the tokuhirom/plenv GitHub repository.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by reading and processing the .perl-version file, which could contain malicious instructions if the file is sourced from an untrusted project directory.
Recommendations
  • HIGH: Downloads and executes remote code from: https://install.perlbrew.pl - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 3, 2026, 02:02 PM