gastown
Warn
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the agent to download third-party command-line utilities from a personal GitHub account (github.com/steveyegge). These tools are necessary for the skill to operate but do not originate from a verified organization.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the installation of external code by directing the agent to run
go installon third-party repositories, which compiles and installs executable binaries on the local system. - [COMMAND_EXECUTION]: The skill relies on shell command execution for its primary functionality, including running diagnostics, management commands, and auto-repair routines that can modify local configuration files.
- [PROMPT_INJECTION]: The skill exhibits metadata deception; the author listed in the SKILL.md YAML ('Numman Ali') does not match the platform-provided author metadata ('jeremylongshore'). Additionally, the skill processes external code from user-provided GitHub repositories without explicitly documented boundary markers or sanitization, creating a surface for indirect prompt injection.
- Ingestion points: User-provided GitHub URLs in references/examples.md.
- Boundary markers: None present in the skill instructions.
- Capability inventory: The skill utilizes Bash, Write, Edit, Read, Grep, Glob, and WebFetch tools.
- Sanitization: No validation or sanitization of content from external repositories is performed before processing.
Audit Metadata