godspeed
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions in
rules/install.mdprovide a one-liner command that fetches a shell script from a remote URL (https://raw.githubusercontent.com/syxs/godspeed-cli/master/install.sh) and pipes it directly into the bash interpreter, which is an unverified execution of remote code. - [CREDENTIALS_UNSAFE]: The skill requires an API token for authentication and explicitly documents in
rules/security.mdthat sensitive credentials are persisted locally in~/.godspeed/config.json. This file is a high-value target for unauthorized access. - [EXTERNAL_DOWNLOADS]: The skill documentation recommends downloading and installing the
@syxs/godspeed-clipackage from the NPM registry, introducing external third-party code into the environment. - [COMMAND_EXECUTION]: The wrapper script
scripts/godspeed-cli.shexecutes thegodspeedbinary using the"$@"pattern, which passes all shell arguments directly to the CLI and can be exploited for command injection if input is not properly handled by the calling agent. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. It ingests untrusted data from task titles and notes (e.g., in
SKILL.md) without utilizing boundary markers or sanitization logic. This could allow malicious content within a task to influence the agent's behavior when it later lists or reads those tasks through the CLI's JSON output.
Recommendations
- AI detected serious security threats
Audit Metadata