jina-cli
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to install a CLI tool by downloading a shell script from a remote URL and executing it immediately via bash without verification.
  - Evidence: `curl -fsSL https://raw.githubusercontent.com/geekjourneyx/jina-cli/main/scripts/install.sh | bash` in SKILL.md.
- [EXTERNAL_DOWNLOADS]: The skill requires downloading and compiling code from a third-party GitHub repository (`geekjourneyx/jina-cli`) that is not owned by a trusted organization or the stated skill author.
  - Evidence: `go install github.com/geekjourneyx/jina-cli/cli@latest` in SKILL.md.
- [COMMAND_EXECUTION]: The Windows installation instructions include a command to persistently modify the user's PATH environment variable.
  - Evidence: `[Environment]::SetEnvironmentVariable("Path", $env:Path + ";$HOME/go/bin", "User")` in SKILL.md.
- [PROMPT_INJECTION]: The skill processes untrusted data from the web and social media, creating a significant surface for indirect prompt injection.
  - Ingestion points: The `read` and `search` commands fetch content from arbitrary URLs and AI search results into the agent's context.
  - Boundary markers: No delimiters or instructions are provided to help the agent distinguish between trusted instructions and untrusted web content.
  - Capability inventory: The agent can execute the `jina` CLI, write results to local files using `--output-file`, and manage persistent configuration keys.
  - Sanitization: There is no evidence that the fetched content is sanitized or filtered before being processed.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/geekjourneyx/jina-cli/main/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata