dev-environment-bootstrapper

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill explicitly promotes the pattern 'curl https://get.volta.sh | bash' in its onboarding documentation section. This allows a remote server to execute arbitrary code on the user's machine without prior inspection, a classic critical-severity attack vector.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill recommends the installation of several external version managers (Volta, asdf, mise, nvm, pyenv) from non-whitelisted sources. Since these sources are not in the 'Trusted GitHub Organizations' list, they are considered unverified for the purpose of this security audit.
  • [COMMAND_EXECUTION] (MEDIUM): The 'Setup Script Structure' section generates shell scripts that execute commands like npm install -g pnpm, pip install, and database migrations. While useful, these scripts are generated based on project contents and could be abused if the skill is manipulated to include malicious commands during the generation phase.
  • [INDIRECT_PROMPT_INJECTION] (LOW):
      1. Ingestion points: The skill identifies tools by scanning project files during the 'Detect stack' workflow.
      2. Boundary markers: Absent; the skill does not specify delimiters to separate project data from generation instructions.
      3. Capability inventory: The skill has the capability to write and recommend the execution of shell scripts (setup.sh) and config files.
      4. Sanitization: Absent; the instructions do not include steps to sanitize detected project metadata before using it in script templates.
Recommendations
  • HIGH: Downloads and executes remote code from: https://get.volta.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 17, 2026, 06:00 PM