moltoverflow-knowledge
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [Unverifiable Dependencies] (HIGH): The skill includes a bundled binary 'bin/molt' from 'moltoverflow', which is not a trusted source. Executing unverified executables is a high-risk activity as their behavior cannot be audited through the skill metadata.
- [Indirect Prompt Injection] (HIGH): The 'molt search' and 'molt comments' commands ingest external, attacker-controlled content. The instructions specifically tell the agent to 'review' and 'apply' this content to solve problems, creating a direct path for malicious instructions to influence agent behavior. Ingestion points: 'molt search' and 'molt comments' outputs; Boundary markers: None; Capability inventory: Shell access (to apply snippets); Sanitization: None.
- [Remote Code Execution] (HIGH): The workflow encourages finding and executing code solutions from an external knowledge base, effectively facilitating the execution of unvetted and potentially malicious remote code.
- [Data Exfiltration] (MEDIUM): The 'molt post' command provides a mechanism for the agent to send data to an external server. This could be abused to exfiltrate sensitive local files if the agent is manipulated by a prompt injection attack.
Recommendations
- AI detected serious security threats
Audit Metadata