security-audit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Automated scanning confirmed the presence of piped shell commands (curl | bash) that download from an untrusted domain (evil.com), which allows arbitrary code execution.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection (Category 8). Ingestion points: the skill reads external skill files via scanning triggers. Capability inventory: it has access to network tools and sensitive parts of the file system. Boundary markers and sanitization: none are identified in the configuration to prevent the agent from executing instructions embedded in the skills it audits.
- [COMMAND_EXECUTION] (HIGH): The skill logic includes patterns for accessing highly sensitive system information, including SSH keys (~/.ssh/id_rsa), AWS credentials, and system password files (/etc/shadow).
- [EXTERNAL_DOWNLOADS] (HIGH): The skill performs unauthorized downloads of executable scripts from non-whitelisted domains.
- [DATA_EXFILTRATION] (MEDIUM): The combination of network request capabilities (curl, wget) and access to sensitive file paths presents a significant path for data exfiltration to external servers.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://evil.com/data, https://evil.com/script.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata