infra-engineer

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill documentation recommends executing remote scripts via piped bash commands (curl -L https://aka.ms/InstallAzureCli | bash), which is a high-risk pattern that bypasses local verification.
  • [EXTERNAL_DOWNLOADS] (HIGH): Multiple references recommend downloading and executing binaries or scripts from external sources (AWS, Google, and GitHub). While these are trusted providers, the pattern of downloading and executing without integrity checks is inherently risky.
  • [COMMAND_EXECUTION] (HIGH): The skill contains instructions for executing commands with administrative privileges using sudo (e.g., sudo ./aws/install), increasing the impact of potential malicious injections or errors.
  • [INDIRECT_PROMPT_INJECTION] (LOW): Documentation in references/browser-rendering.md and references/cloudflare-workers-advanced.md shows patterns for AI-powered web scrapers that ingest untrusted web content (page.content()) and pass it directly to an LLM.
      • Ingestion points: cloudflare-workers-advanced.md (page.content() from news.ycombinator.com)
      • Boundary markers: Absent (no delimiters or system instructions to ignore embedded content)
      • Capability inventory: cloudflare-workers-advanced.md (uses env.AI.run to process raw HTML)
      • Sanitization: Absent (no evidence of HTML sanitization or filtering before AI processing)
Recommendations
  • HIGH: Downloads and executes remote code from: https://aka.ms/InstallAzureCli - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 05:34 PM