
model-usage

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill specifies the installation of 'codexbar' via a third-party Homebrew tap ('steipete/tap/codexbar'). This source is not included in the Trusted External Sources list, which poses a risk of executing unverified code during installation.
  • REMOTE_CODE_EXECUTION (HIGH): By facilitating the installation and execution of binaries from untrusted remote repositories, the skill enables potential remote code execution on the user's host system.
  • COMMAND_EXECUTION (MEDIUM): The skill invokes a local Python script ('model_usage.py') and the 'codexbar' binary. Neither of these external components was provided for analysis, so their behavior could not be fully verified.
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8).
    1. Ingestion points: Ingests data from 'codexbar' CLI outputs and user-provided JSON files via the '--input' flag.
    2. Boundary markers: None are present in the instructions to delimit or ignore instructions within the ingested data.
    3. Capability inventory: The skill has the capability to execute shell commands and Python scripts.
    4. Sanitization: There is no evidence of schema validation or content sanitization for the ingested JSON data.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:11 AM