exe-dev
Fail
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to execute a remote script via `curl -fsSL https://raw.githubusercontent.com/kylelundstedt/dotfiles/master/install.sh | bash`. This pattern is highly risky as it executes unverified code from an external source directly in the shell.
- [COMMAND_EXECUTION]: The skill provides commands to modify system configuration files, such as `/etc/sudoers.d/myuser`, to grant passwordless sudo access.
- [COMMAND_EXECUTION]: Instructions include modifying the user's SSH configuration (`~/.ssh/config`) to enable connection multiplexing and agent forwarding, which can increase the attack surface.
- [EXTERNAL_DOWNLOADS]: Fetches an installation script (`install.sh`) from a personal GitHub repository (kylelundstedt/dotfiles) and documentation from exe.dev.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests external documentation from exe.dev.
  1. Ingestion points: https://exe.dev/docs/all.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Piped bash execution, root-level file writes, and network operations.
  4. Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/kylelundstedt/dotfiles/master/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata