data-structure-protocol
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download a script from an untrusted personal GitHub repository and execute it locally with Python. Because the URL points at the mutable `main` branch rather than a pinned commit or release, the code that runs can change at any time without the skill itself changing. Evidence: Download and execution of dsp-cli.py from https://raw.githubusercontent.com/k-kolomeitsev/data-structure-protocol/main/skills/data-structure-protocol/scripts/dsp-cli.py.
- [EXTERNAL_DOWNLOADS]: Uses curl to retrieve a script from a remote URL that is not part of a trusted organization or well-known service, writing it straight into the working directory with no checksum or signature verification before it is run. Evidence: curl -O https://raw.githubusercontent.com/k-kolomeitsev/data-structure-protocol/main/skills/data-structure-protocol/scripts/dsp-cli.py.
- [COMMAND_EXECUTION]: The skill frequently executes the downloaded Python script to perform file and directory operations. Evidence: Commands such as python dsp-cli.py --root . init and python dsp-cli.py --root . create-object.
- [PROMPT_INJECTION]: The skill maps codebase structure by reading untrusted file content, presenting an indirect prompt injection surface.
  1. Ingestion points: Scans all project files, including source code, configuration, and documentation, during bootstrapping in SKILL.md.
  2. Boundary markers: No delimiters are used to separate untrusted file content from instructions; the skill relies on @dsp markers, which can be easily spoofed by anyone who can write to a file in the project.
  3. Capability inventory: The skill performs file writes and directory creation, and executes CLI commands via the Python script.
  4. Sanitization: No sanitization of ingested content is observed in SKILL.md.
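A safer bootstrap than `curl -O` followed by `python dsp-cli.py`, shown here as an added example that is not part of the audited skill or of the Gen Agent Trust Hub report: pin the raw URL to a commit instead of `main`, download to a temporary file, and refuse to execute unless the file's SHA-256 digest matches one computed from a copy you reviewed yourself. The commit hash and digest values below are placeholders (assumptions), and `fetch_and_run`, `verify_sha256` and `sha256_of` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not code from the data-structure-protocol skill.
# Assumptions: PINNED_COMMIT and EXPECTED_SHA256 are placeholders; replace
# them with a real commit hash and the digest of a reviewed dsp-cli.py.

# Pin to an immutable commit, never to the mutable `main` branch.
PINNED_COMMIT="0000000000000000000000000000000000000000"   # placeholder
SCRIPT_URL="https://raw.githubusercontent.com/k-kolomeitsev/data-structure-protocol/${PINNED_COMMIT}/skills/data-structure-protocol/scripts/dsp-cli.py"
EXPECTED_SHA256="replace-with-digest-of-reviewed-copy"       # placeholder

# Print the hex SHA-256 of a file using whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Succeed (exit 0) only if the file's digest equals the expected digest.
verify_sha256() {
  file="$1"
  expected="$2"
  actual="$(sha256_of "$file")"
  [ "$actual" = "$expected" ]
}

# Download to a temp file, verify, and only then move it into place and run.
# Fails closed: a bad download or a digest mismatch leaves nothing executable.
fetch_and_run() {
  tmp="$(mktemp)"
  if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$SCRIPT_URL"; then
    rm -f "$tmp"
    echo "download failed" >&2
    return 1
  fi
  if ! verify_sha256 "$tmp" "$EXPECTED_SHA256"; then
    rm -f "$tmp"
    echo "dsp-cli.py digest mismatch; refusing to execute" >&2
    return 2
  fi
  mv "$tmp" ./dsp-cli.py
  python dsp-cli.py --root . init
}
```

Call `fetch_and_run` from the skill's bootstrap step instead of the bare `curl -O`. This removes the silent-update problem and the run-whatever-arrived problem; it does not make the script trustworthy, so the reviewed copy whose digest you record should still be read in full before pinning it.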
Recommendations
- AI detected serious security threats in this skill; review the findings above before installing or running it.
Audit Metadata