new-modular-project
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes the Pixi installation script from its official domain https://pixi.sh/install.sh via a shell pipe. Pixi is a well-known package manager recommended for the Mojo and MAX development ecosystems.
- [EXTERNAL_DOWNLOADS]: Downloads project dependencies and toolchains from official Modular repositories and the Scarf gateway at conda.modular.com, whl.modular.com, and modular.gateway.scarf.sh.
- [COMMAND_EXECUTION]: The skill generates shell commands using user-supplied project names, which are executed directly (e.g., pixi init [PROJECT], uv init [PROJECT]).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the project name parameter, which creates a potential command injection surface.
  - Ingestion points: User-provided project name requested or inferred as described in SKILL.md.
  - Boundary markers: Absent; the skill does not specify any delimiters or safety instructions for the project name input.
  - Capability inventory: Use of shell subprocesses for pixi, uv, mkdir, and cd commands.
  - Sanitization: No sanitization or validation of the user-provided string is defined before its interpolation into shell commands.
Recommendations
- HIGH: Downloads and executes remote code from: https://pixi.sh/install.sh - DO NOT USE without thorough review
Audit Metadata