basilica
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill explicitly commands the user to pipe a remote script from an untrusted source directly to the system shell using the pattern `curl -sSL https://basilica.ai/install.sh | bash`. This allows the remote server to execute arbitrary and potentially malicious code on the host machine without verification.
- External Downloads (HIGH): The skill performs downloads and installations from unverified sources not present on the Trusted External Sources list, including `basilica.ai` and `one-covenant/sacred-arts` via npx. These sources have not been vetted for safety or integrity.
- Command Execution (MEDIUM): The skill executes multiple sensitive system commands including `uv pip install`, `export` for environment variable modification, and `basilica tokens create` for credential management.
- Indirect Prompt Injection (LOW): The skill has a vulnerable surface for indirect injection as it processes natural language to interact with the Basilica CLI.
  - Ingestion points: Ingests user-provided natural language queries (e.g., 'deploy vllm') to generate CLI commands.
  - Boundary markers: Absent; there are no delimiters or warnings to prevent the agent from obeying instructions embedded in user input.
  - Capability inventory: Includes arbitrary command execution, package installation, and API token generation.
  - Sanitization: Absent; the skill provides no logic to escape or validate user inputs before they are passed to the underlying shell tools.
Recommendations
- HIGH: Downloads and executes remote code from: https://basilica.ai/install.sh - DO NOT USE without thorough review
- AI detected serious security threats