
spice-setup

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill documentation provides commands to download and execute remote scripts without verification. Evidence: curl https://install.spiceai.org | /bin/bash and a PowerShell iex script download in SKILL.md.
  • [EXTERNAL_DOWNLOADS] (HIGH): Software and scripts are sourced from install.spiceai.org, which is not present in the defined trusted source whitelist.
  • [PROMPT_INJECTION] (HIGH): The skill documentation establishes an indirect prompt injection surface (Category 8) by facilitating the ingestion of untrusted datasets and model configurations while maintaining high-privilege execution capabilities like spice run. Evidence: Data ingestion via datasets and models in spicepod.yaml; Capability: spice run and spice sql in SKILL.md.
  • [COMMAND_EXECUTION] (MEDIUM): The skill invokes several system-level commands including initialization, runtime execution, and software upgrades (spice init, spice run, spice upgrade).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 12:04 AM