matrix-communication
Fail
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from the Matrix network.
  * Ingestion points: The scripts `matrix-read.py` and `matrix-read-e2ee.py` retrieve message content from external Matrix rooms.
  * Boundary markers: No specific delimiters or protective instructions are implemented for the retrieved message content.
  * Capability inventory: The skill can send messages, edit/redact messages, and perform authenticated API calls to homeservers.
  * Sanitization: No sanitization is performed on incoming message content before it is processed by the AI agent.
- [COMMAND_EXECUTION]: The diagnostic script performs package installation.
  * The `matrix-doctor.py` script executes `pip install` via `subprocess.run` to manage the `matrix-nio` library when run with the `--install` flag.
- [REMOTE_CODE_EXECUTION]: The codebase includes a reference to a remote execution pattern within a help string.
  * Evidence: `scripts/matrix-doctor.py` contains a `print` statement recommending `curl -LsSf https://astral.sh/uv/install.sh | sh`. This is a recommendation for manual user installation and is not automatically executed by the skill code.
- [EXTERNAL_DOWNLOADS]: The skill downloads dependencies and interacts with remote homeservers.
  * The skill fetches the `matrix-nio[e2e]` package from the standard Python Package Index (PyPI).
  * The skill makes authenticated network requests to remote homeservers via the Matrix Client-Server API.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata