agent-workflow
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill contains a Dockerfile command that fetches and executes an installation script from
https://claude.ai/install.sh. This source is an official domain associated with a well-known AI service provider. - [PROMPT_INJECTION]: The skill implements workflows for processing untrusted data from external sources, making it vulnerable to indirect prompt injection. 1. Ingestion points: Untrusted data enters the agent context through Git pull request checkouts (
gh pr checkout) and codebase analysis commands (@src/). 2. Boundary markers: The workflow templates provided do not include specific delimiters or 'ignore previous instructions' markers to mitigate the risk of the agent obeying instructions hidden in the code being reviewed. 3. Capability inventory: The skill utilizesBashandWritetools, which could be misused to execute commands or modify local files if an injection is successful. 4. Sanitization: There is no evidence of validation or sanitization of the external data before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://claude.ai/install.sh - DO NOT USE without thorough review
Audit Metadata