aqua-communication

Warn

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation process in SKILL.md and README.md uses a remote script execution pattern. It downloads an installer from the author's GitHub repository and executes it via bash.
  • [COMMAND_EXECUTION]: The installation instructions require the use of sudo to run the installer, granting the script administrative privileges on the host system.
  • [PROMPT_INJECTION]: The skill introduces a surface for indirect prompt injection (Category 8) because its primary purpose is to receive and process messages from external peers.
      • Ingestion points: aqua inbox list and aqua inbox watch commands in SKILL.md, which provide message content to the agent.
      • Boundary markers: Absent. Message content is not wrapped in isolation markers to prevent the agent from following instructions contained within the messages.
      • Capability inventory: The agent uses the aqua CLI to send and receive data across a peer-to-peer network.
      • Sanitization: Absent. The tool does not perform filtering or sanitization of incoming message payloads.
  • [EXTERNAL_DOWNLOADS]: The skill fetches its core utility and installation scripts from github.com/quailyquaily/aqua.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 11, 2026, 12:22 PM