Skills
skills/rube-de/cc-skills/temporal/Gen Agent Trust Hub

temporal

Fail

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Fetches and executes the Temporal CLI installation script from the official vendor domain (https://temporal.download/cli) via a shell pipe.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection.
  • Ingestion points: Untrusted data enters the agent context through the use of WebFetch, WebSearch, and by reading the output of 'temporal workflow show' commands which can contain arbitrary data from workflow histories.
  • Boundary markers: Absent. The skill does not provide instructions or delimiters to separate processed data from the agent's command instructions.
  • Capability inventory: The skill maintains access to Bash, Write, and Edit tools as defined in the frontmatter of SKILL.md.
  • Sanitization: Absent. There are no patterns for escaping or validating external content before it is processed by the agent.
  • [COMMAND_EXECUTION]: Utilizes various shell commands for managing the local development server, environment configuration, and workflow orchestration tasks.
Recommendations
  • HIGH: Downloads and executes remote code from: https://temporal.download/cli - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 20, 2026, 05:28 AM