dev-environment-bootstrapper
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill documentation includes the command `curl https://get.volta.sh | bash` for tool installation. Piped remote execution is a high-severity risk that can lead to arbitrary code execution if the host or connection is compromised.
- COMMAND_EXECUTION (MEDIUM): The skill generates and recommends the use of shell scripts (`setup.sh`) to automate environment configuration, including global package management and system modifications. This introduces risk if the scripts are executed without manual verification.
- PROMPT_INJECTION (LOW): The skill possesses an indirect prompt injection surface. Evidence:
  1. Ingestion points: Local project files such as package.json and .tool-versions.
  2. Boundary markers: Absent in generated scripts.
  3. Capability inventory: Subprocess execution, file writing, and network operations via generated scripts.
  4. Sanitization: Absent; the skill trusts project-level metadata to generate commands.
- EXTERNAL_DOWNLOADS (LOW): The skill facilitates the download and installation of various third-party tools (Volta, pnpm, asdf, etc.) from external sources not on the trusted list.
Recommendations
- HIGH: Downloads and executes remote code from: https://get.volta.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata