install-script-generator
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The scripts `scripts/executor.py` and `scripts/doc_generator.py` utilize `subprocess.run(shell=True)` to execute system commands. This includes executing installation plans and running software verification checks.
- [COMMAND_EXECUTION]: A command injection vulnerability exists in `scripts/doc_generator.py` and `scripts/plan_generator.py` because the software name (`target`) is interpolated directly into shell command strings (e.g., `f"{target} --version"`) without sanitization or escaping.
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch and install software from remote repositories using standard package managers such as `apt`, `brew`, `dnf`, `yum`, `pacman`, `winget`, and `choco`.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the system through the software name (`--target`) and dependencies (`--deps`) parameters in `scripts/plan_generator.py`.
  - Boundary markers: None. There are no delimiters or instructions to treat these inputs as data rather than executable commands.
  - Capability inventory: The skill can execute arbitrary shell commands and acquire administrative privileges via `sudo`.
  - Sanitization: No escaping, validation, or filtering is applied to the input strings before they are incorporated into shell commands.
- [DATA_EXFILTRATION]: `scripts/env_explorer.py` performs extensive system discovery, collecting sensitive environment metadata including OS details, user permissions (sudo/admin status), and directory structures. While necessary for the skill's function, this increases the risk if the data is mishandled.
Audit Metadata