asc-plugin-release
Fail
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONSAFE
Full Analysis
- [SAFE]: Automated scans flagged a piped command (
curl ... | python3) as a potential remote code execution risk. Manual analysis confirms this is a false positive; the command uses the standardjson.toolmodule for pretty-printing JSON and does not execute the input as code. - [COMMAND_EXECUTION]: The skill uses shell commands (make, zip, gh, git) to automate build and release tasks. These operations target the
tddworks/asc-registryrepository, which is a verified resource owned by the skill's author. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where untrusted data from a local file can influence sensitive commands. 1. Ingestion points: manifest.json (Step 1). 2. Boundary markers: Absent. 3. Capability inventory: Shell access via gh, git, and make. 4. Sanitization: Absent. The agent is instructed to interpolate fields like version and description directly into shell arguments, which could lead to command injection if the manifest file is malicious.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/tddworks/asc-registry/main/registry.json - DO NOT USE without thorough review
Audit Metadata