skill-creator-ultra
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation guide explicitly directs users to run remote shell scripts using piped commands (curl -sL ... | bash and irm ... | iex). These scripts are hosted on a GitHub account that does not belong to a trusted organization. This pattern is a major security risk as it can be used to execute arbitrary malicious code on the host machine without user verification.
- [EXTERNAL_DOWNLOADS]: The skill requires downloading its core components and installation scripts from untrusted external domains. This includes fetching files from raw.githubusercontent.com under an unverified user profile.
- [PROMPT_INJECTION]: As a tool that generates instructions based on user-supplied text, it is vulnerable to indirect prompt injection. A malicious user could provide a description designed to trick the generator into creating a skill with hidden malicious instructions.
  - Ingestion points: User descriptions provided in phase1_interview.md and test case inputs in phase6_eval.md.
  - Boundary markers: Generated files lack clear delimiters to distinguish between generated logic and user-supplied input.
  - Capability inventory: The skill package includes scripts capable of file system modification and command execution.
  - Sanitization: No sanitization logic was found to prevent user-provided text from being used to inject malicious directives into generated skill files.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/marketingjuliancongdanh79-pixel/skill-generator/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata