data-structure-protocol
Fail
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download a standalone Python script from a remote GitHub repository using `curl -O https://raw.githubusercontent.com/k-kolomeitsev/data-structure-protocol/main/skills/data-structure-protocol/scripts/dsp-cli.py`.
- [REMOTE_CODE_EXECUTION]: After downloading the script, the agent is directed to execute it locally using `python dsp-cli.py`. This allows arbitrary code from an external source to run in the local environment.
- [COMMAND_EXECUTION]: The skill performs extensive shell command invocations to initialize, update, and query the codebase graph, relying on the `dsp-cli.py` script for all operations.
- [INDIRECT_PROMPT_INJECTION]: The skill analyzes untrusted data from the local codebase to build its structural map, creating an attack surface for indirect prompt injection.
  - Ingestion points: The agent reads project source code (scripts, configs, classes, functions) and .dsp/metadata files.
  - Boundary markers: No delimiters or instructions are used to prevent the agent from obeying instructions embedded in the analyzed code.
  - Capability inventory: The skill has the ability to execute shell commands and read/write to the filesystem.
  - Sanitization: There is no evidence of sanitization or validation of the source code content before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata