setup-agent
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using `curl` to interact with the Karma API endpoint at `gapapi.karmahq.xyz`. These commands are used to initialize authentication and verify codes. It also uses `python3 -m json.tool` for formatting API responses.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it processes untrusted user data (email addresses and verification codes) which are then interpolated into shell commands.
  * Ingestion points: User-provided email and verification code (Step 2 and Step 3 of SKILL.md).
  * Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the user input as data rather than command components.
  * Capability inventory: The skill uses `curl` for network requests and `python3` for processing output.
  * Sanitization: There is no mention of sanitizing or escaping the user-provided strings before they are used in the command-line interface.
Audit Metadata