Skills
skills/plurigrid/asi/topoi-hatchery/Gen Agent Trust Hub

topoi-hatchery

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill utilizes just install to execute system commands where the execution path is determined by a 'coin-flip' logic. This non-deterministic behavior is a technique to bypass predictable auditing and security controls.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill pulls dependencies and code from the untrusted repository TeglonLabs/topoi. This repository is outside the trusted scope, posing a supply-chain risk.
  • [REMOTE_CODE_EXECUTION] (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8).
  • Ingestion points: Processes 'evaluable forms' and 'dependency space' from external sources.
  • Boundary markers: Absent; no delimiters or 'ignore embedded instructions' markers are present in the definitions.
  • Capability inventory: Includes just install (arbitrary command runner), babashka (scripting engine), and qemu (system emulation).
  • Sanitization: No evidence of sanitization, validation, or escaping of external content before evaluation.
  • [COMMAND_EXECUTION] (MEDIUM): The skill attempts to install system-level software including qemu and github management tools. These operations typically require elevated privileges and provide a broad attack surface for system persistence or unauthorized repository access.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:44 AM