localstack-extensions
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill provides functionality to install and run LocalStack extensions, which are executable Python components. Commands like 'localstack extensions install' allow arbitrary code execution within the environment where the agent operates.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill explicitly supports downloading code from unverified external sources, including Git repositories (e.g. 'git+https://github.com/org/extension-repo.git') and PyPI. When an agent picks the source dynamically, this bypasses the usual software supply chain controls (pinned versions, allowlisted sources, review before install).
- [COMMAND_EXECUTION] (MEDIUM): The skill uses shell commands to manage extensions. If an attacker can influence the extension name or URL through indirect prompt injection, they can force the agent to execute installation commands targeting malicious payloads.
- [INDIRECT PROMPT INJECTION] (HIGH): This skill has a high capability tier (code execution) and ingests untrusted data (extension names and URLs). It lacks explicit boundary markers or sanitization logic to prevent a user or external data source from supplying a malicious URL that the agent then 'trusts' and installs.
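The findings above describe one failure mode: an extension name or URL taken from untrusted input reaches 'localstack extensions install' unchecked. The following is an added example of the missing gate, written for this audit page and not code from the audited skill or from LocalStack. It accepts only two shapes of specifier (a PyPI package pinned with ==version and on an allowlist, or a git+https URL to an allowlisted GitHub organisation pinned to a full 40-hex commit SHA), rejects everything else, and builds the install command as an argv list so the specifier is never interpreted by a shell. The allowlisted org and package name, and the exact argv shape of the CLI call, are assumptions for the example.

```python
"""Allowlist gate for extension install specifiers (added example, not the skill's code)."""
import re
import subprocess
from dataclasses import dataclass

# Policy values are assumptions for this example, not settings of the audited skill.
ALLOWED_GIT_HOSTS = {"github.com"}
ALLOWED_GIT_ORGS = {"localstack"}
ALLOWED_PYPI_PACKAGES = {"localstack-extension-httpbin"}

# PyPI: name==exact.version only (no ranges, no bare names, no extras/markers).
_PYPI_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)==(?P<version>\d+(?:\.\d+)*)$"
)
# Git: git+https only, host/org/repo, pinned to a full commit SHA (branches and tags rejected).
_GIT_RE = re.compile(
    r"^git\+https://(?P<host>[A-Za-z0-9.-]+)/(?P<org>[A-Za-z0-9_.-]+)/"
    r"(?P<repo>[A-Za-z0-9_.-]+?)(?:\.git)?@(?P<ref>[0-9a-f]{40})$"
)


@dataclass(frozen=True)
class Verdict:
    ok: bool
    kind: str    # "pypi", "git" or "rejected"
    reason: str


def validate_spec(spec: str) -> Verdict:
    """Decide whether an extension specifier may be passed to the installer."""
    # A specifier is a single printable token; whitespace or control bytes are never legitimate.
    if not spec or any(ch.isspace() for ch in spec) or not spec.isprintable():
        return Verdict(False, "rejected", "specifier must be a single printable token")

    m = _PYPI_RE.match(spec)
    if m:
        name = m.group("name").lower().replace("_", "-")   # PEP 503 style normalisation
        if name not in ALLOWED_PYPI_PACKAGES:
            return Verdict(False, "rejected", f"PyPI package {name!r} is not allowlisted")
        return Verdict(True, "pypi", f"pinned PyPI package {name}=={m.group('version')}")

    m = _GIT_RE.match(spec)
    if m:
        if m.group("host") not in ALLOWED_GIT_HOSTS:
            return Verdict(False, "rejected", f"git host {m.group('host')!r} is not allowlisted")
        if m.group("org") not in ALLOWED_GIT_ORGS:
            return Verdict(False, "rejected", f"git org {m.group('org')!r} is not allowlisted")
        return Verdict(True, "git", f"pinned git source {m.group('org')}/{m.group('repo')}@{m.group('ref')[:12]}")

    if spec.startswith("git+"):
        return Verdict(False, "rejected", "git source must be git+https and pinned to a full commit SHA")
    return Verdict(False, "rejected", "PyPI package must be pinned as name==version")


def build_install_command(spec: str) -> list[str]:
    """Return the install command as argv (never a shell string); raises if the spec is rejected."""
    verdict = validate_spec(spec)
    if not verdict.ok:
        raise ValueError(f"refusing to install {spec!r}: {verdict.reason}")
    # Assumed CLI shape, mirroring the command quoted in the audit findings.
    return ["localstack", "extensions", "install", spec]


def install_extension(spec: str, dry_run: bool = True) -> int:
    """Run the gated install with shell=False; dry_run only prints what would execute."""
    argv = build_install_command(spec)
    if dry_run:
        print("would run:", argv)
        return 0
    return subprocess.run(argv, shell=False, check=False).returncode


if __name__ == "__main__":
    # Constructed inputs: the page's own unpinned example URL and some lookalikes.
    for candidate in [
        "localstack-extension-httpbin==0.1.0",
        "localstack-extension-httpbin",
        "git+https://github.com/org/extension-repo.git",
        "git+https://github.com/localstack/localstack-extensions.git@" + "a" * 40,
        "git+https://github.com/localstack/localstack-extensions.git@main",
        "pkg==1.0; rm -rf /",
    ]:
        v = validate_spec(candidate)
        print(f"{'ALLOW ' if v.ok else 'REJECT'} {candidate!r}: {v.reason}")
```

The gate deliberately has no "looks safe enough" path: a bare package name, a version range, a branch or tag ref, or a non-allowlisted org all fail closed, which is the property an agent-invoked installer needs when the specifier may have come from injected content.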
Recommendations
- AI detected serious security threats