Skills
skills/sheurich/agent-skills/swival/Gen Agent Trust Hub

swival

Fail

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation in SKILL.md and references/agentfs.md recommends installing the AgentFS sandbox by piping a remote script directly to bash: curl -fsSL https://agentfs.ai/install | bash. This allows the remote server to execute arbitrary code on the user's machine without prior verification.
  • [EXTERNAL_DOWNLOADS]: The skill references downloading software and installation scripts from agentfs.ai and GitHub repositories under the tursodatabase organization. While the documentation provides a safer installation method with checksum verification as an alternative, the primary recommendation remains the high-risk one-liner.
  • [COMMAND_EXECUTION]: The scripts/swival-proxy bash script manages the litellm proxy process using commands like nohup, ps, and kill to control execution and monitor process IDs.
  • [PROMPT_INJECTION]: As a coding agent that processes project files and tool outputs, the skill is vulnerable to indirect prompt injection. Although it includes a mechanism to tag outputs as untrusted, the agent's extensive capabilities (filesystem access, command execution) mean that malicious instructions embedded in a project's files could potentially lead to unauthorized actions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://agentfs.ai/install - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
May 5, 2026, 06:37 PM