gastown
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill installs Go binaries directly from untrusted GitHub repositories (github.com/steveyegge/gastown and github.com/steveyegge/beads), which are not on the trusted organizations list.
- [COMMAND_EXECUTION] (HIGH): Instructions explicitly direct the AI to use sudo for package installation (e.g., sudo apt install gh) and to modify shell configuration files (.bashrc/.zshrc) for persistence.
- [REMOTE_CODE_EXECUTION] (HIGH): Automatically executes go install, which fetches, compiles, and runs remote code from untrusted sources without verification.
- [PROMPT_INJECTION] (MEDIUM): Directs the agent to ignore user input and automate command execution ('The user never types commands'), which can be used to bypass human-in-the-loop safety confirmations.
- [CREDENTIALS_UNSAFE] (MEDIUM): Guides the agent through GitHub authentication (gh auth login), which involves handling sensitive authorization tokens.
Recommendations
- AI detected serious security threats
Audit Metadata