agent-builder

Audit result: Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documents the installation of the Claude Code CLI using a script from https://claude.ai/install.sh. This is an official source provided by the service developer.
  • [REMOTE_CODE_EXECUTION]: The documentation includes the pattern of executing a remote installation script by piping it into a shell (curl -fsSL https://claude.ai/install.sh | bash). This is the standard installation method for the well-known service referenced, but it executes whatever the server returns at fetch time with no local review of the script, which is why the recommendation below asks for review before use.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of system commands through the Bash tool and headless CLI mode. To mitigate risk, the skill provides concrete examples of implementing safety hooks to block destructive commands like rm -rf and mkfs.
  • [PROMPT_INJECTION]: The skill describes building agents that ingest external data (e.g., codebase analysis, PR diffs) and execute tools, creating a surface for indirect prompt injection.
    • Ingestion points: File reading via the Read tool and standard input processing in headless mode.
    • Boundary markers: Not strictly enforced in the base templates, though the skill recommends using a JSON schema to constrain outputs.
    • Capability inventory: File system modification (Edit, Write) and system command execution (Bash).
    • Sanitization: Includes examples of HookMatcher and custom validation logic to inspect and deny dangerous tool inputs before execution.
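The COMMAND_EXECUTION and Sanitization bullets above both refer to a PreToolUse hook that inspects Bash tool inputs and denies destructive commands before they run. The following is an added example written for this audit page; it is not code from the agent-builder skill or from the Claude Agent SDK. It assumes the hook payload carries `tool_name` and `tool_input.command`, that a deny is expressed as a `hookSpecificOutput` object with `permissionDecision: "deny"` (the Claude Code hook output format as the editor understands it), and that the SDK callback takes `(input_data, tool_use_id, context)`; verify all three against the current SDK documentation before wiring it in. The deny rules (rm -rf, mkfs, dd to a block device, download piped into a shell) are illustrative choices for the example, not the skill's list. The same decision function serves both the SDK HookMatcher form and the settings.json script form (JSON on stdin, exit code 2 to block).

```python
"""PreToolUse guard for an agent's Bash tool: deny destructive commands.

Added example for this audit page; not code from the agent-builder skill.
"""
from __future__ import annotations

import json
import re
import shlex
import sys
from typing import Optional

# Command-list separators. `||` is matched before `|`, so a later split on a
# single `|` only ever sees real pipelines.
COMMAND_SEPARATORS = re.compile(r"\|\||&&|;|\n")
PRIVILEGE_WRAPPERS = {"sudo", "doas"}
DOWNLOADERS = {"curl", "wget"}
SHELLS = {"sh", "bash", "zsh", "dash", "ksh"}


def _basename(token: str) -> str:
    return token.rsplit("/", 1)[-1]


def _strip_wrappers(argv: list[str]) -> list[str]:
    # `sudo rm -rf /` must be judged as `rm -rf /`.
    while argv and _basename(argv[0]) in PRIVILEGE_WRAPPERS:
        argv = argv[1:]
    return argv


def _rm_is_recursive_force(argv: list[str]) -> bool:
    # True for `rm -rf`, `rm -fr`, `rm -r -f`, `rm --recursive --force`.
    recursive = force = False
    for tok in argv[1:]:
        if tok == "--":
            break
        if tok == "--recursive":
            recursive = True
        elif tok == "--force":
            force = True
        elif tok.startswith("-") and len(tok) > 1 and not tok.startswith("--"):
            recursive = recursive or ("r" in tok or "R" in tok)
            force = force or ("f" in tok)
    return recursive and force


def _pipelines(command: str) -> list[list[list[str]]]:
    """Split a command line into pipelines; each pipeline is a list of argv lists.

    Limitation (deliberate, to stay short): a `|` inside quotes is split too, and
    `bash -c '...'` bodies are not inspected recursively. A production hook should
    recurse into -c strings; a benign quoted pipe can at worst cause a false deny.
    """
    result = []
    for cmd in COMMAND_SEPARATORS.split(command):
        stages = []
        for stage in cmd.split("|"):
            stage = stage.strip()
            if not stage:
                continue
            try:
                argv = shlex.split(stage)
            except ValueError:  # unbalanced quotes: fall back to whitespace split
                argv = stage.split()
            argv = _strip_wrappers(argv)
            if argv:
                stages.append(argv)
        if stages:
            result.append(stages)
    return result


def check_bash_command(command: str) -> Optional[str]:
    """Return a reason to deny `command`, or None if it passes the guard."""
    for stages in _pipelines(command):
        saw_downloader = False
        for argv in stages:
            prog = _basename(argv[0])
            if prog == "rm" and _rm_is_recursive_force(argv):
                return "recursive force delete (rm -rf) is blocked"
            if prog.startswith("mkfs"):
                return "filesystem creation (mkfs) is blocked"
            if prog == "dd" and any(a.startswith("of=/dev/") for a in argv[1:]):
                return "raw write to a block device (dd of=/dev/...) is blocked"
            if prog in DOWNLOADERS:
                saw_downloader = True
            elif prog in SHELLS and saw_downloader:
                return "piping a downloaded script into a shell is blocked"
    return None


def decide(hook_input: dict) -> dict:
    """Map a PreToolUse hook payload to a hook decision (empty dict = allow)."""
    if hook_input.get("tool_name") != "Bash":
        return {}
    reason = check_bash_command(hook_input.get("tool_input", {}).get("command", ""))
    if reason is None:
        return {}
    # Field names assumed from the Claude Code hook output format; verify them.
    return {
        "hookSpecificOutput": {
            "hookEventName": "PreToolUse",
            "permissionDecision": "deny",
            "permissionDecisionReason": reason,
        }
    }


async def pre_tool_use_hook(input_data: dict, tool_use_id, context) -> dict:
    """Callback shape for HookMatcher in the Agent SDK (assumed signature)."""
    return decide(input_data)


def main() -> int:
    """settings.json hook form: payload on stdin; exit 2 plus stderr blocks the call."""
    decision = decide(json.load(sys.stdin))
    if decision:
        print(decision["hookSpecificOutput"]["permissionDecisionReason"], file=sys.stderr)
        return 2
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Tokenizing each pipeline stage with shlex and stripping `sudo` is what makes this more than a substring match: `rm -r -f`, `--recursive --force` and `sudo rm -rf` are all caught, while `rm -f stale.lock` and `dd if=a.img of=out.img` are allowed. The guard is a deny-list and so only a first layer; an agent with a Bash tool still needs the boundary-marker and output-schema measures the analysis mentions.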
Recommendations
  • HIGH: Downloads and executes remote code from: https://claude.ai/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 6, 2026, 08:05 PM