insights-archive
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructions direct the user to download a shell script from an untrusted GitHub repository (jonathanprozzi/dotfiles) and grant it execution permissions.
- REMOTE_CODE_EXECUTION (HIGH): By facilitating the download and subsequent execution of code from an external, untrusted source, the skill creates a path for remote code execution.
- COMMAND_EXECUTION (HIGH): The skill maps user-provided arguments directly to a shell command using the Bash tool without evidence of input sanitization, creating a high risk of command injection.
- INDIRECT_PROMPT_INJECTION (HIGH):
  1. Ingestion points: User-supplied arguments for the subcommands archive, open, and diff.
  2. Boundary markers: None identified.
  3. Capability inventory: Bash tool usage to execute the downloaded script and Read tool for file access.
  4. Sanitization: None described; arguments are passed directly through to the shell.
Recommendations
- AI detected serious security threats