sprites-dev
Fail
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and execute a shell script from the author's GitHub repository (kylelundstedt/dotfiles) using a curl-to-bash pipe to initialize the remote environment.
- [COMMAND_EXECUTION]: The skill facilitates arbitrary shell command execution and interactive sessions on remote Linux virtual machines through the sprite CLI tools.
- [DATA_EXFILTRATION]: The instructions describe methods for reading and transferring data from remote systems to the local machine using standard output redirection and base64 encoding.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it allows the agent to read arbitrary file content from remote Sprites into its execution context.
- Ingestion points: File reading operations via sprite exec commands in SKILL.md.
- Boundary markers: Absent; untrusted content is not delimited or labeled with instructions to ignore embedded commands.
- Capability inventory: Remote command execution, interactive console access, and API interactions on remote Sprites.
- Sanitization: None; content retrieved from remote files is processed directly by the agent without validation.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/kylelundstedt/dotfiles/master/install.sh - DO NOT USE without thorough review
Audit Metadata