still-reading
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions promote piping remote shell scripts directly into bash for installation. This method allows for the execution of unverified code from external domains. Evidence includes
curl -fsSL https://still-reading.vercel.app/install.sh | bashandcurl -fsSL https://here.now/install.sh | bash. - [COMMAND_EXECUTION]: The installation process involves direct terminal commands and the use of
npxfor installing dependencies, which can be exploited if the source repositories are compromised. - [PROMPT_INJECTION]: The application includes a feature to fetch markdown from external URLs via query parameters. This presents an indirect prompt injection surface where malicious instructions could be embedded in the fetched content to influence an agent's behavior. Evidence chain: Ingestion points: Content is fetched from a user-provided URL in
index.html. Boundary markers: No explicit delimiters or ignore-instructions are used. Capability inventory: The skill is a text visualizer that uses JS to fetch and render words. Sanitization: The parser strips markdown tags but does not validate text content for safety.
Recommendations
- HIGH: Downloads and executes remote code from: https://still-reading.vercel.app/install.sh, https://here.now/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata