fal-image
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The execution steps in SKILL.md use the '${FILE_NAME}' variable, sourced from 'refly workflow toolcalls', directly in a shell command ('refly file download'). This creates a path traversal vulnerability because the filename is not sanitized; an attacker-controlled service could return a filename like '../../.bash_profile' to overwrite critical system files.
- EXTERNAL_DOWNLOADS (MEDIUM): The installation process ('refly skill install') downloads logic from an unverified remote repository (skp-jxj7q39dzqppywoes536ht67). This source is not on the trusted list, meaning the code being executed has not been verified for safety.
- PROMPT_INJECTION (MEDIUM): The skill ingests untrusted user input via the 'prompt' field and sends it to an external tool. There are no boundary markers or sanitization logic present to prevent instructions embedded in the prompt from influencing the tool's behavior or subsequent agent steps that process the tool's output.
Recommendations
- AI detected serious security threats