dot
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the `getdot` CLI from remote scripts hosted on the vendor's domain.
  - Evidence: `SKILL.md` directs agents to download from `https://app.getdot.ai/install.sh` and `https://app.getdot.ai/install.ps1`.
  - Context: These are official resources from the vendor, Snowboard-Software.
- [REMOTE_CODE_EXECUTION]: The installation process involves a 'curl-pipe-bash' command sequence, executing remote code in the local environment.
  - Evidence: `curl -fsSL https://app.getdot.ai/install.sh | sh` found in `SKILL.md`.
  - Context: While common for developer tools, this pattern relies on the integrity of the vendor's delivery infrastructure.
- [COMMAND_EXECUTION]: The skill allows the AI agent to execute shell commands to query databases through the CLI and manage local output files like PNG charts and CSV data.
  - Evidence: Shell command patterns such as `dot catalog` and `dot "..."` in `SKILL.md`.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (shell injection) by instructing the agent to place untrusted user questions directly into shell commands.
  - Ingestion points: User questions provided to the `dot` command in `SKILL.md`.
  - Boundary markers: Use of double quotes is suggested, which provides only minimal protection against malicious shell characters.
  - Capability inventory: The agent is granted shell access to run the `getdot` tool and read results from temporary directories.
  - Sanitization: There is no requirement or logic provided for the agent to sanitize user input for shell-sensitive metacharacters before execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://app.getdot.ai/install.sh - DO NOT USE without thorough review
Audit Metadata