review-skill

Fail

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: HIGH

Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs users to install an external binary using 'go install github.com/agent-ecosystem/skill-validator-ent/cmd/skill-validator-ent@latest', which executes code from a source that is not a recognized trusted vendor.
  • [EXTERNAL_DOWNLOADS]: Fetches tool configurations and binaries from the 'agent-ecosystem' GitHub organization via Homebrew and Go's package manager, which are untrusted external sources.
  • [COMMAND_EXECUTION]: Executes several shell commands including the downloaded 'skill-validator-ent' tool, the 'aws' CLI for identity verification, and local filesystem commands ('mkdir', 'cat', 'rm', 'ls') to manage the review state.
  • [CREDENTIALS_UNSAFE]: Accesses and searches sensitive local AWS configuration files ('~/.aws/config') to assist in diagnosing authentication failures.
  • [PROMPT_INJECTION]: The skill processes untrusted 'SKILL.md' and reference files through an LLM judge, making it susceptible to indirect prompt injection if those files contain instructions designed to manipulate the agent's output or logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 11, 2026, 12:19 PM