component-gallery
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The ingestion script (
scripts/ingest.py) downloads markdown files from an external GitHub repository (github.com/inbn/component-gallery) to populate its local search index.\n- [REMOTE_CODE_EXECUTION]: Automated scans detected a pattern inscripts/ingest.pywhere content is downloaded from the network (urllib.request.urlopen) and subsequently processed by an external subprocess (rlama rag). While the fetched content consists of markdown documentation rather than executable code, the interaction between remote data and system-level execution tools is noted as a risk vector.\n- [COMMAND_EXECUTION]: The skill makes extensive use ofsubprocess.runto invoke system commands and CLI tools, includingfirecrawl,rlama, andpython3, for data processing and search operations. It also relies on hardcoded paths to external skill scripts inscripts/query.py.\n- [PROMPT_INJECTION]: The RAG-based design creates a surface for Indirect Prompt Injection (Category 8).\n - Ingestion points: Data is crawled from
component.galleryand fetched fromgithub.com/inbn/component-galleryinscripts/ingest.py.\n - Boundary markers: No specific delimiters or protective instructions are implemented to isolate retrieved data chunks from the agent's primary instruction set.\n
- Capability inventory: The skill is granted access to
Bash,Read,Grep, andGlobtools viaSKILL.md.\n - Sanitization: There is no evidence of validation or sanitization of the markdown content fetched from remote sources before it is processed by the search engine or presented to the agent.
Recommendations
- HIGH: Downloads and executes remote code from: unknown (check file) - DO NOT USE without thorough review
Audit Metadata