quickstart
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The Troubleshooting section in SKILL.md provides the command 'curl -LsSf https://astral.sh/uv/install.sh | sh'. Piping a remotely fetched script directly to a shell is a dangerous pattern because the script's content is not inspected or verified before it is executed.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill downloads the 'uv' installation script from astral.sh, which is not listed as a trusted external source according to the defined whitelist.
- COMMAND_EXECUTION (LOW): The skill executes local scripts such as 'scripts/upsert.py' and 'scripts/quickstart_complete.py' using 'uv run'.
- PROMPT_INJECTION (LOW): Path B (Assistant Quickstart) introduces a surface for indirect prompt injection by generating content based on user-provided 'topics', which are then processed by assistant tools.
  1. Ingestion points: Path B Step 1 in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: subprocess execution of create.py, upload.py, and chat.py.
  4. Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata