pipelex-setup
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to execute a shell script downloaded directly from the internet using
curl -fsSL https://pipelex.com/install.sh | sh. This pattern is highly dangerous as it provides no opportunity to inspect the script before execution.\n- [EXTERNAL_DOWNLOADS]: Fetches an installation script frompipelex.com, which is an external domain not included in the trusted vendors list. It also relies on the npm registry for themthdspackage.\n- [COMMAND_EXECUTION]: The skill performs several system-level operations, including checking versions ofmthds-agentandpipelex-agent, and running initialization commands likemthds-agent pipelex initwith configuration data.\n- [DATA_EXFILTRATION]: While not directly exfiltrating data to an attacker, the skill manages sensitive API keys (OpenAI, Anthropic) and guides the user to store them in shell profile files (~/.bashrc,~/.zshrc), which could be targeted by other malicious processes or inadvertently exposed.\n- [PROMPT_INJECTION]: The skill ingests untrusted user input (backend selections, telemetry preferences) and interpolates it into a JSON string used in a CLI command (mthds-agent pipelex init). This represents a surface for indirect prompt injection where a user could potentially manipulate command arguments or execution logic.
Recommendations
- HIGH: Downloads and executes remote code from: https://pipelex.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata