install-script-generator
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill generates and promotes installation commands that pipe remote script content from GitHub raw URLs directly into a shell (e.g., curl | bash). This pattern is a significant security risk as it executes unverified remote code.
- [COMMAND_EXECUTION]: The `scripts/executor.py` script uses `subprocess.run(shell=True)` to execute arbitrary commands from a YAML plan. The skill also performs automated `git fetch` and `git pull` operations, which execute code from a remote repository.
- [EXTERNAL_DOWNLOADS]: The skill downloads and executes scripts from `raw.githubusercontent.com`. While the platform is well-known, the specific content is user-controlled and unverified.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: Repository files like `Makefile`, `package.json`, and `setup.py` are analyzed in `SKILL.md`. Boundary markers: Absent. Capability inventory: `executor.py` can run arbitrary shell commands with `shell=True`. Sanitization: Absent. Malicious project files could inject instructions into the generated installation plan.
- [DATA_EXFILTRATION]: `scripts/env_explorer.py` collects detailed system metadata (OS, architecture, permissions, paths). This information is stored locally in `env_info.json` but could be leaked if included in documentation or scripts generated by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/ - DO NOT USE without thorough review
Audit Metadata