Ark Setup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill builds and executes code from a repository at runtime ('npm install' followed by 'node tools/ark-cli/dist/index.js'). Because the source is not an organization on the Trusted GitHub Organizations list, this follows a 'download then execute' pattern with high risk.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Clones the 'mckinsey/agents-at-scale-ark' repository. Although the organization is well known, it is not on the defined 'Trusted GitHub Organizations' list, so the integrity of the cloned repository (and of the specific commit that is built) must be verified before use.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection in Step 1. It provides a mechanism to fetch code from Pull Requests ('git fetch origin pull/<PR_NUMBER>/head'). This allows any external attacker to submit a PR containing malicious code which the agent will then proceed to install and execute, bypassing standard security reviews.
- [COMMAND_EXECUTION] (LOW): Executes administrative commands using 'docker', 'kind', and 'kubectl'. These tools are necessary for the skill's purpose, but they run with high privileges (container runtime and cluster administration), so any malicious code introduced through the Pull Request vector would execute in that privileged environment.
Recommendations
- AI detected serious security threats
Audit Metadata