install-script-generator

Fail

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run with shell=True in scripts/executor.py, scripts/doc_generator.py, and scripts/env_explorer.py to execute system-level commands.
  • [COMMAND_EXECUTION]: A command injection vulnerability exists in scripts/plan_generator.py and scripts/doc_generator.py where the user-supplied software name is directly embedded into shell commands like f"sudo apt-get install -y {target}" without validation.
  • [COMMAND_EXECUTION]: The skill requests and uses elevated privileges (sudo or Administrator rights), which increases the potential impact of command injection.
  • [COMMAND_EXECUTION]: Indirect Prompt Injection Surface:
      1. Ingestion points: User input for software target in scripts/plan_generator.py.
      2. Boundary markers: Absent.
      3. Capability inventory: Elevated shell execution in scripts/executor.py.
      4. Sanitization: Absent.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with system package managers (apt, brew, winget, dnf, yum, pacman) to fetch software. While the managers are trusted, the specific packages are controlled by unsanitized user input.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 7, 2026, 06:36 PM