fast-io
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it is designed to ingest, summarize, and perform RAG (Retrieval-Augmented Generation) on external documents provided by users.
  - Ingestion points: Document and code file ingestion into workspace storage, as described in REFERENCE.md.
  - Boundary markers: No specific boundary markers or instructions to ignore embedded prompts are documented.
  - Capability inventory: The skill possesses aichat capabilities, RAG indexing, storage management, and metadata extraction tools (README.md, REFERENCE.md).
  - Sanitization: No sanitization or validation of the processed document content is mentioned.
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install the official Fast.io CLI tool using the NPM registry (@vividengine/fastio-cli). This is a standard vendor-provided dependency.
- [REMOTE_CODE_EXECUTION]: The documentation includes a command for installing the vendor's CLI tool by piping a script from their official GitHub repository (raw.githubusercontent.com/MediaFire/fastio_cli/main/install.sh) directly into the shell. While this is the vendor's own installation method, it involves the execution of remote code via a piped shell command.
Audit Metadata