skillhub-guide
Fail
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions and scripts encourage downloading and piping a remote script directly into bash (
curl -fsSL https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/install.sh | bash). This executes unverified code from a remote source with the current user's privileges without security oversight. - [EXTERNAL_DOWNLOADS]: References and fetches resources from an external cloud storage bucket (
skillhub-1388575217.cos.ap-guangzhou.myqcloud.com), which is a non-standard distribution point for official tools. - [COMMAND_EXECUTION]: The skill relies on executing various shell commands for setup, search, and installation of external tools (
skillhub install,skillhub search,Get-Command). - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection vulnerabilities.
- Ingestion points: The agent reads and processes output from the
skillhub searchcommand to guide user interaction (found inSKILL.md). - Boundary markers: No boundary markers or specific 'ignore' instructions are provided to the agent when processing this untrusted external data.
- Capability inventory: The agent can perform write operations to the workspace (
skillhub install) and execute system commands during setup. - Sanitization: There is no evidence of data sanitization, validation, or escaping for the external command output before it is parsed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata